From 0f1425c895ace40fbb10d68a55eeb3a6354479d3 Mon Sep 17 00:00:00 2001
From: Ali Mohammad Pur
Date: Fri, 13 Aug 2021 04:39:11 +0430
Subject: [PATCH] AK: Avoid OOB access in UniformBumpAllocator::destroy_all()

Otherwise we would end up calling T::~T() on some random memory right after our mapped block, which is most likely a pretty bad thing to do :P
---
 AK/BumpAllocator.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/AK/BumpAllocator.h b/AK/BumpAllocator.h
index e206842e2a..d78ed5e9ba 100644
--- a/AK/BumpAllocator.h
+++ b/AK/BumpAllocator.h
@@ -163,7 +163,7 @@ public:
 {
 this->for_each_chunk([&](auto chunk) {
 auto base_ptr = align_up_to(chunk + sizeof(typename Allocator::ChunkHeader), alignof(T));
- FlatPtr end_offset = this->m_chunk_size;
+ FlatPtr end_offset = this->m_chunk_size - sizeof(typename Allocator::ChunkHeader);
 if (chunk == this->m_current_chunk)
 end_offset = this->m_byte_offset_into_current_chunk;
 for (; base_ptr - chunk < end_offset; base_ptr += sizeof(T))
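Review bot: The loop guard `base_ptr - chunk < end_offset` tests only where each slot starts, so the new bound `this->m_chunk_size - sizeof(typename Allocator::ChunkHeader)` can still admit a trailing slot that begins below the bound but whose `sizeof(T)` bytes extend past it, and `~T()` would then run on memory that never held a T. Whether that slot can exist depends on how the allocation path decides a chunk is full, which is not visible in this hunk. Either add a comment above `end_offset` explaining why subtracting the header size matches the allocator's fill rule, or make the guard check the whole object, something like `for (; base_ptr + sizeof(T) - chunk <= end_offset; base_ptr += sizeof(T))`, provided `end_offset` marks the end of the last constructed object. The lambda and the body of destroy_all() begin and end outside the hunk.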