UserspaceEmulator: Don't assume entire malloc block is chunked
Accesses in the header (or trailing padding) of a malloc block should not be associated with any mallocation since only the chunk-sized slots actually get returned by malloc. Basically, allow address-to-chunk lookup to fail, and handle such failures gracefully at call sites. Fixes #5706.
This commit is contained in:
parent
38fc522f5d
commit
1381720d1d
2 changed files with 27 additions and 13 deletions
|
@ -60,8 +60,8 @@ public:
|
|||
FlatPtr address { 0 };
|
||||
size_t chunk_size { 0 };
|
||||
|
||||
size_t chunk_index_for_address(FlatPtr) const;
|
||||
Mallocation& mallocation_for_address(FlatPtr) const;
|
||||
Optional<size_t> chunk_index_for_address(FlatPtr) const;
|
||||
Mallocation* mallocation_for_address(FlatPtr) const;
|
||||
|
||||
Vector<Mallocation> mallocations;
|
||||
};
|
||||
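Review bot: The new `mallocation_for_address` declaration gives no hint of when it returns nullptr, so a reader of the header alone cannot tell that a null result is the expected outcome for an address inside the block header or trailing padding rather than an error; the same applies to the empty `Optional` from `chunk_index_for_address`. I would add a comment above the pair: `// Both return "no chunk" (empty Optional / nullptr) for addresses that fall outside every chunk slot, i.e. in the block header or trailing padding.` Since every caller must now branch on the result, `[[nodiscard]]` on both declarations would turn an ignored lookup into a compile-time warning, if the codebase uses that attribute. Returning a mutable `Mallocation*` from a `const` member is carried over from the previous reference-returning version, so it is not a new issue here.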
|
@ -103,11 +103,14 @@ ALWAYS_INLINE Mallocation* MallocTracer::find_mallocation(const Region& region,
|
|||
auto* malloc_data = static_cast<MmapRegion&>(const_cast<Region&>(region)).malloc_metadata();
|
||||
if (!malloc_data)
|
||||
return nullptr;
|
||||
auto& mallocation = malloc_data->mallocation_for_address(address);
|
||||
if (!mallocation.used)
|
||||
auto* mallocation = malloc_data->mallocation_for_address(address);
|
||||
if (!mallocation)
|
||||
return nullptr;
|
||||
VERIFY(mallocation.contains(address));
|
||||
return &mallocation;
|
||||
if (!mallocation->used)
|
||||
return nullptr;
|
||||
if (!mallocation->contains(address))
|
||||
return nullptr;
|
||||
return mallocation;
|
||||
}
|
||||
|
||||
}
|
||||
|
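Review bot: Replacing `VERIFY(mallocation.contains(address))` with a silent `return nullptr` downgrades an invariant check to a lookup miss: once `mallocation_for_address` has returned a non-null slot, that slot not containing the address points to inconsistent tracker state, and returning nullptr makes the emulator report "no mallocation" for that access instead of failing loudly. Unless `mallocation_for_address` can legitimately hand back a slot whose recorded range excludes the address (its body is not in this hunk, so I cannot rule that out), I would keep the check as `VERIFY(mallocation->contains(address));` after the `used` test, or add a comment explaining why a contained-range miss is expected here. The added nullptr guard itself is the right handling for the header/padding case described in the commit message. `find_mallocation`'s signature begins outside the hunk.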
|