justin/jsix
1
1
Fork 0
mirror of https://github.com/justinian/jsix.git synced 2025-12-11 08:54:31 -08:00
Code Issues Packages Projects Releases Wiki Activity

[kernel] Fix freelist-clobber bug in heap allocator

Browse Source 
The heap_allocator::get_free(order) function returns a reference to the
head pointer of the given freelist, so that it can be manipulated.
However, split_off was also taking a reference to a pointer for an out
param - passing the freelist pointer in here caused split_off to modify
the freelist.

I cleaned up a bunch of the places the freelist pointers were being
touched to make the usage more explicit.
This commit is contained in:
Justin C. Miller
2022-10-10 20:50:08 -07:00
parent 19791d1d7f
commit 48e3f9f9d2
2 changed files with 27 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/kernel/heap_allocator.h
View File

@@ -88,9 +88,9 @@ protected:
/// Helper to get a block of the given order by splitting existing
/// larger blocks. Returns false if there were no larger blocks.
/// \arg order Order (2^N) of the block we want
/// \arg block [out] Receives a pointer to the requested block
/// \arg split [out] Receives a pointer to the requested block
/// \returns True if a split was done
bool split_off(unsigned order, free_header *&block);
bool split_off(unsigned order, free_header *&split);
uintptr_t m_start, m_end;
size_t m_maxsize;