eina: prevent memory corruption in chained mempool

The chained mempool uses eina trash to dispose and retrieve memory
blobs. Problem is that eina trash requires the memory blobs to be at
least of the size of a pointer. If the size of an element in the mempool
is less than the size of a pointer, which _is_ possible as no minimal
size is enforced, eina_trash will silently corrupt the memory pool.

To prevent memory corruption while still allowing small elements, the
size of an element defaults to the size of a pointer if it was smaller.
This comes at the cost of consuming slightly more memory in these cases,
but at least the memory pool can safely be used.

@fix
Jean Guyomarc'h 2017-09-16 14:20:11 +02:00
parent 76144128ce
commit 96ab58fb8e
1 changed files with 1 additions and 1 deletions

@ -563,7 +563,7 @@ eina_chained_mempool_init(const char *context,
memcpy((char *)mp->name, context, length);
}
mp->item_alloc = eina_mempool_alignof(item_size);
mp->item_alloc = MAX(eina_mempool_alignof(item_size), sizeof(void *));
mp->pool_size = (((((mp->item_alloc * mp->pool_size + aligned_chained_pool) / page_size)
+ 1) * page_size)
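
Review bot: the new assignment "mp->item_alloc = MAX(eina_mempool_alignof(item_size), sizeof(void *));" has no comment explaining the clamp, so the reason for the pointer-size floor lives only in the commit message. Add a short comment above it stating that freed items are handed to eina_trash, which needs every blob to be at least the size of a pointer, so that a later cleanup does not drop the MAX as redundant. It would also be worth noting in the mempool documentation that an item_size smaller than a pointer is rounded up, since the pool_size computation on the following line now reserves more memory per element than the caller's item_size suggests.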