From 3a2727844c66e939c69a3f802dfd58224433dcaf Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Fri, 13 Nov 2020 10:56:30 +0100
Subject: [PATCH] LibC: Adjust malloc size classes to ensure 8-byte aligned pointers

The pointers returned by malloc should always be 8-byte aligned on x86. We were not consistent about this, as some ChunkedBlock size classes were not divisible by 8. This fixes some OOB reads found by running GCC in UE.
---
 Libraries/LibC/malloc.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Libraries/LibC/malloc.cpp b/Libraries/LibC/malloc.cpp
index cdf3295d9f..f039edffc4 100644
--- a/Libraries/LibC/malloc.cpp
+++ b/Libraries/LibC/malloc.cpp
@@ -75,7 +75,7 @@ static bool s_log_malloc = false;
 static bool s_scrub_malloc = true;
 static bool s_scrub_free = true;
 static bool s_profiling = false;
-static unsigned short size_classes[] = { 8, 16, 32, 64, 128, 252, 508, 1016, 2036, 4090, 8188, 16376, 32756, 0 };
+static unsigned short size_classes[] = { 8, 16, 32, 64, 128, 256, 500, 1016, 2032, 4088, 8184, 16376, 32752, 0 };
 static constexpr size_t num_size_classes = sizeof(size_classes) / sizeof(unsigned short);

 struct MallocStats {
@@ -144,7 +144,7 @@ struct ChunkedBlock
 ChunkedBlock* m_prev { nullptr };
 ChunkedBlock* m_next { nullptr };
 FreelistEntry* m_freelist { nullptr };
- unsigned short m_free_chunks { 0 };
+ size_t m_free_chunks { 0 };
 [[gnu::aligned(8)]] unsigned char m_slot[0];

 void* chunk(size_t index)
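Review bot: The 8-byte alignment invariant this hunk restores is still enforced only by hand-picked literals in `size_classes`; nothing checks that every class is a multiple of 8, so the next edit to the table can silently reintroduce the misaligned reads the commit message describes. If `size_classes` is never written at runtime (the hunk only shows `num_size_classes` derived from it, so I cannot confirm from here), making it `constexpr` allows the invariant to be checked at compile time with a small constexpr predicate and a `static_assert`, as sketched below (needs C++14 or later, which the existing `constexpr` and attribute syntax suggest the file already uses). The alignment of `m_slot` is provided by the `[[gnu::aligned(8)]]` in the second hunk; `chunk(size_t)` begins on that hunk's last line and its body is outside the diff, so the check covers only the table side of the invariant.
```cpp
static constexpr unsigned short size_classes[] = { 8, 16, 32, 64, 128, 256, 500, 1016, 2032, 4088, 8184, 16376, 32752, 0 };
static constexpr size_t num_size_classes = sizeof(size_classes) / sizeof(unsigned short);

// ChunkedBlock::m_slot is 8-byte aligned; keeping every class a multiple of 8
// is what keeps the chunks carved out of it (and thus malloc's results) aligned.
static constexpr bool all_size_classes_8_byte_aligned()
{
    for (size_t i = 0; i < num_size_classes; ++i) {
        if (size_classes[i] % 8 != 0)
            return false;
    }
    return true;
}
static_assert(all_size_classes_8_byte_aligned(), "malloc size classes must be multiples of 8");
```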
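Review bot: The widening of `m_free_chunks` from `unsigned short` to `size_t` is not explained by the commit message, which only covers size-class alignment, and nothing in the hunk shows a block size at which the count of 8-byte chunks would exceed 16 bits. A short comment on the field would spare the next reader the same question, e.g. `// Free chunk count; size_t rather than unsigned short so it cannot wrap for small size classes in a large block — TODO confirm the maximum chunks per block`, or, if the widening is unrelated to the alignment fix, it belongs in its own commit. The wider field also grows the header preceding `m_slot`, but `m_slot` keeps its `[[gnu::aligned(8)]]`, so chunk alignment is presumably unaffected. `chunk(size_t)` starts on the hunk's last line and its body is outside the diff.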