fix C++ sized deallocation check false positive
This is a compatibility issue triggered when both slab canaries and the
C++ allocator overloads providing sized deallocation checks are enabled.

The boundary where slab allocations are turned into large allocations
due to not having room for the canary in the largest slab allocation
size class triggers a false positive in the sized deallocation check.
thestinger committed Jan 6, 2021
1 parent e9d9f70 commit 5275563
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion h_malloc.c
Expand Up @@ -1552,9 +1552,11 @@ EXPORT void h_free_sized(void *p, size_t expected_size) {
return;
}

expected_size = adjust_size_for_canaries(expected_size);

if (p < get_slab_region_end() && p >= ro.slab_region_start) {
thread_unseal_metadata();
expected_size = get_size_info(adjust_size_for_canaries(expected_size)).size;
expected_size = get_size_info(expected_size).size;
deallocate_small(p, &expected_size);
thread_seal_metadata();
return;
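Review bot: Hoisting `expected_size = adjust_size_for_canaries(expected_size);` above the `p < get_slab_region_end() && p >= ro.slab_region_start` check means the canary-adjusted size now also reaches the non-slab path after the `return;` shown here, which is the boundary case the commit message describes (a request that no longer fits the largest slab size class once the canary is added and is therefore served as a large allocation). Please confirm that the large-allocation size comparison below uses this adjusted `expected_size` rather than the caller's original value, so the sized-deallocation check agrees with the size the allocation path actually used when it chose between slab and large, and that `adjust_size_for_canaries` is an identity when slab canaries are disabled, so the large-path check is unchanged in that configuration. The hunk carries no test; a regression test that allocates, sizes and frees exactly the largest slab size class with both canaries and the sized-deallocation checks enabled would pin this boundary down.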