jmb/hardened_malloc
1
0
Fork 0
mirror of https://github.com/GrapheneOS/hardened_malloc.git synced 2025-10-31 08:16:31 +01:00
Code Issues Projects Releases Packages Wiki Activity

fix C++ sized deallocation check false positive

Browse source 
This is a compatibility issue triggered when both slab canaries and the
C++ allocator overloads providing sized deallocation checks are enabled.

The boundary where slab allocations are turned into large allocations
due to not having room for the canary in the largest slab allocation
size class triggers a false positive in the sized deallocation check.
This commit is contained in:
Daniel Micay 2021-01-06 00:12:17 -05:00
parent e9d9f70ad4
commit 5275563252
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
h_malloc.c
View file

@ -1552,9 +1552,11 @@ EXPORT void h_free_sized(void *p, size_t expected_size) {
return;
}
expected_size = adjust_size_for_canaries(expected_size);
if (p < get_slab_region_end() && p >= ro.slab_region_start) {
thread_unseal_metadata();
expected_size = get_size_info(adjust_size_for_canaries(expected_size)).size;
expected_size = get_size_info(expected_size).size;
deallocate_small(p, &expected_size);
thread_seal_metadata();
return;