RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-10 06:37:36 +00:00
Code Issues Activity Actions

UserspaceEmulator: Skip freed mallocations in reachability scan

Browse source 
Something being reachable from a freed mallocation doesn't make it
actually reachable.

Thanks to Jonas Bengtsson for spotting this! :^)
This commit is contained in:
Andreas Kling 2020-07-17 00:24:23 +02:00
parent b17d175379
commit df58ea808e
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
DevTools/UserspaceEmulator/MallocTracer.cpp
View file

@ -146,6 +146,8 @@ bool MallocTracer::is_reachable(const Mallocation& mallocation) const
for (auto& other_mallocation : m_mallocations) { for (auto& other_mallocation : m_mallocations) {
if (&mallocation == &other_mallocation) if (&mallocation == &other_mallocation)
continue; continue;
if (other_mallocation.freed)
continue;
size_t pointers_in_mallocation = other_mallocation.size / sizeof(u32); size_t pointers_in_mallocation = other_mallocation.size / sizeof(u32);
for (size_t i = 0; i < pointers_in_mallocation; ++i) { for (size_t i = 0; i < pointers_in_mallocation; ++i) {
auto value = Emulator::the().mmu().read32({ 0x20, other_mallocation.address + i * sizeof(u32) }); auto value = Emulator::the().mmu().read32({ 0x20, other_mallocation.address + i * sizeof(u32) });