From ad3afae315a9ebf957f566bc78ef806c9c185c94 Mon Sep 17 00:00:00 2001 From: "Justin C. Miller" Date: Mon, 10 Jul 2023 01:24:13 -0700 Subject: [PATCH] [kernel] Fix a heap double-allocate bug In the heap allocator, new blocks allocated directly for an allocate request (instead of indirectly as part of a block split) would only set their order in the tracking map, not their free flag. This left uninitialized data in the block info map, which thus meant it was marked as free for looking up for merges. (Not for allocations, since the block didn't actually appear in the free list.) --- src/kernel/heap_allocator.cpp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/kernel/heap_allocator.cpp b/src/kernel/heap_allocator.cpp index 0ef9465..a8e5fbc 100644 --- a/src/kernel/heap_allocator.cpp +++ b/src/kernel/heap_allocator.cpp @@ -138,11 +138,11 @@ heap_allocator::reallocate(void *p, size_t old_length, size_t new_length) return p; lock.release(); - void *new_block = allocate(new_length); - memcpy(new_block, p, old_length); + void *reallocated = allocate(new_length); + memcpy(reallocated, p, old_length); free(p); - return new_block; + return reallocated; } heap_allocator::free_header * @@ -202,7 +202,9 @@ heap_allocator::new_block(unsigned order) void *block = reinterpret_cast(m_end); m_end += 1ull << order; - m_map[map_key(block)].order = order; + block_info &info = m_map[map_key(block)]; + info.order = order; + info.free = false; return block; }
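Review bot: The fix in `new_block` still depends on every site that touches `m_map[key]` remembering to set both fields after `operator[]` default-constructs the entry; the commit message's own diagnosis is that a `block_info` can exist with indeterminate members, and a future insertion site will reintroduce the same stale-`free` state that let an in-use block be picked up for a merge. If `block_info`'s definition allows it (not visible here), give its members in-class initialisers, e.g. `bool free = false;` plus a defined `order`, so a default-inserted entry is never indeterminate, and keep the explicit `info.free = false;` as documentation of intent. Note also that `m_end += 1ull << order;` carves out the new block with no visible check that `m_end` stays inside the region the heap owns or that `order` is below 64; `new_block`'s body begins before this hunk, so if those bounds are enforced there a one-line comment such as `// caller/ctor guarantees m_end + (1 << order) <= heap limit` would help a reader, otherwise this is where an overrun into whatever follows the heap would start. Separately, `reinterpret_cast(m_end)` is shown without its template argument and is presumably `reinterpret_cast<void*>(m_end)` in the real file, which looks like extraction garbling rather than a source defect.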