RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 00:57:45 +00:00
Code Issues Activity Actions

Kernel: Don't overrun the buffer in krealloc()

Browse source 
The allocation_size_in_chunks field contains the bytes necessary for
the AllocationHeader so we need to subtract that when we try to figure
out how much user data we have to copy.

Fixes #7549.
This commit is contained in:
Gunnar Beutner 2021-05-29 14:25:48 +02:00 committed by Ali Mohammad Pur
parent e2989424c7
commit 77f9f442d8
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Kernel/Heap/Heap.h
View file

@ -113,7 +113,7 @@ public:
VERIFY((u8*)a >= m_chunks && (u8*)ptr < m_chunks + m_total_chunks * CHUNK_SIZE);
VERIFY((u8*)a + a->allocation_size_in_chunks * CHUNK_SIZE <= m_chunks + m_total_chunks * CHUNK_SIZE);
size_t old_size = a->allocation_size_in_chunks * CHUNK_SIZE;
size_t old_size = a->allocation_size_in_chunks * CHUNK_SIZE - sizeof(AllocationHeader);
if (old_size == new_size)
return ptr;