romenskiy2012/jemalloc
1
0
Fork 0
mirror of https://github.com/jemalloc/jemalloc.git synced 2026-04-30 09:07:53 +03:00
Code Issues Projects Releases Packages Wiki Activity

Fix junk filling of cached large objects.

Browse source 
Use the size argument to tcache_dalloc_large() to control the number of
bytes set to 0x5a when junk filling is enabled, rather than accessing a
non-existent arena bin.  This bug was capable of corrupting an
arbitrarily large memory region, depending on what followed the arena
data structure in memory (typically zeroed memory, another arena_t, or a
red-black tree node for a huge object).
This commit is contained in:
Jason Evans 2010-04-28 12:00:59 -07:00
parent 5055f4516c
commit ecea0f6125
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
jemalloc/include/jemalloc/internal/tcache.h
View file

@ -353,7 +353,7 @@ tcache_dalloc_large(tcache_t *tcache, void *ptr, size_t size)
#ifdef JEMALLOC_FILL
if (opt_junk)
memset(ptr, 0x5a, arena->bins[binind].reg_size);
memset(ptr, 0x5a, size);
#endif
tbin = &tcache->tbins[binind];