authorJean Guyomarc'h <jean@guyomarch.bzh>2017-09-16 14:20:11 +0200
committerJean Guyomarc'h <jean@guyomarch.bzh>2017-09-16 14:28:39 +0200
commit96ab58fb8e34868c16beca2ee99c148e31e8eb09 (patch)
tree5198ed2073bb8e08716f9fdd4c2aa18ab4c4c628 /src/modules
parent76144128cee802d2cdb23154c42d9d4252fc0338 (diff)
eina: prevent memory corruption in chained mempool
The chained mempool uses eina trash to dispose and retrieve memory blobs. Problem is that eina trash requires the memory blobs to be at least of the size of a pointer. If the size of an element in the mempool is less than the size of a pointer, which _is_ possible as no minimal size is enforced, eina_trash will silently corrupt the memory pool. To prevent memory corruption while still allowing small elements, the size of an element defaults to the size of a pointer if it was smaller. This comes at the cost of consuming slightly more memory in these cases, but at least the memory pool can safely be used. @fix
Diffstat (limited to 'src/modules')
-rw-r--r--src/modules/eina/mp/chained_pool/eina_chained_mempool.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/modules/eina/mp/chained_pool/eina_chained_mempool.c b/src/modules/eina/mp/chained_pool/eina_chained_mempool.c
index 7ab6954..b50b4dd 100644
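--- a/src/modules/eina/mp/chained_pool/eina_chained_mempool.c
+++ b/src/modules/eina/mp/chained_pool/eina_chained_mempool.c
@@ -563,7 +563,7 @@ eina_chained_mempool_init(const char *context,
 memcpy((char *)mp->name, context, length);
 }
 
-mp->item_alloc = eina_mempool_alignof(item_size);
+mp->item_alloc = MAX(eina_mempool_alignof(item_size), sizeof(void *));
 
 mp->pool_size = (((((mp->item_alloc * mp->pool_size + aligned_chained_pool) / page_size)
 + 1) * page_size)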
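Review bot: The pointer-size floor on `mp->item_alloc` is a memory-safety invariant that is only explained in the commit message, so a later cleanup could drop it as redundant; a comment above the assignment such as `/* eina_trash needs every blob to be at least pointer-sized; smaller items would corrupt the pool */` would keep the reason next to the code. If `MAX` is the usual two-argument macro, `eina_mempool_alignof(item_size)` is expanded twice, which is presumably harmless here but reads more clearly with the aligned size stored in a local first. The `mp->item_alloc * mp->pool_size` product on the following lines is computed without a visible overflow check, and since this change can increase `item_alloc`, it is worth confirming that the caller-supplied sizes are bounded. eina_chained_mempool_init begins and ends outside this hunk, so any existing validation may simply not be visible here.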