RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 08:07:44 +00:00
Code Issues Activity Actions

AK: Take the bump-allocated chunk header into account in destroy_all()

Browse source 
Previously we allowed the end_offset to be larger than the chunk itself,
which made it so that certain input sizes would make the logic attempt
to delete a nonexistent object.
Fixes #16308.
This commit is contained in:
Ali Mohammad Pur 2022-12-05 00:13:47 +03:30 committed by Andreas Kling
parent 57dc179b1f
commit c500647eee
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
AK/BumpAllocator.h
View file

@ -181,7 +181,7 @@ public:
this->for_each_chunk([&](auto chunk) { this->for_each_chunk([&](auto chunk) {
auto base_ptr = align_up_to(chunk + sizeof(typename Allocator::ChunkHeader), alignof(T)); auto base_ptr = align_up_to(chunk + sizeof(typename Allocator::ChunkHeader), alignof(T));
// Compute the offset of the first byte *after* this chunk: // Compute the offset of the first byte *after* this chunk:
FlatPtr end_offset = base_ptr + this->m_chunk_size - chunk; FlatPtr end_offset = base_ptr + this->m_chunk_size - chunk - sizeof(typename Allocator::ChunkHeader);
if (chunk == this->m_current_chunk) if (chunk == this->m_current_chunk)
end_offset = this->m_byte_offset_into_current_chunk; end_offset = this->m_byte_offset_into_current_chunk;
// Compute the offset of the first byte *after* the last valid object, in case the end of the chunk does not align with the end of an object: // Compute the offset of the first byte *after* the last valid object, in case the end of the chunk does not align with the end of an object: