[malloc] Avoid immediately clobbering reference count when freeing memory
Rearrange the fields in struct memory_block (without altering MIN_MEMBLOCK_SIZE) so that the "count" field of a reference-counted object is left intact when the memory containing the object is freed. This allows for the possibility of detecting reference-counting errors such as double-freeing. Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
parent
6e41f2cf18
commit
13e4b9ec49
@ -25,6 +25,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
|
|||||||
#include <ipxe/io.h>
|
#include <ipxe/io.h>
|
||||||
#include <ipxe/list.h>
|
#include <ipxe/list.h>
|
||||||
#include <ipxe/init.h>
|
#include <ipxe/init.h>
|
||||||
|
#include <ipxe/refcnt.h>
|
||||||
#include <ipxe/malloc.h>
|
#include <ipxe/malloc.h>
|
||||||
|
|
||||||
/** @file
|
/** @file
|
||||||
@ -35,10 +36,21 @@ FILE_LICENCE ( GPL2_OR_LATER );
|
|||||||
|
|
||||||
/** A free block of memory */
|
/** A free block of memory */
|
||||||
struct memory_block {
|
struct memory_block {
|
||||||
/** List of free blocks */
|
|
||||||
struct list_head list;
|
|
||||||
/** Size of this block */
|
/** Size of this block */
|
||||||
size_t size;
|
size_t size;
|
||||||
|
/** Padding
|
||||||
|
*
|
||||||
|
* This padding exists to cover the "count" field of a
|
||||||
|
* reference counter, in the common case where a reference
|
||||||
|
* counter is the first element of a dynamically-allocated
|
||||||
|
* object. It avoids clobbering the "count" field as soon as
|
||||||
|
* the memory is freed, and so allows for the possibility of
|
||||||
|
* detecting reference counting errors.
|
||||||
|
*/
|
||||||
|
char pad[ offsetof ( struct refcnt, count ) +
|
||||||
|
sizeof ( ( ( struct refcnt * ) NULL )->count ) ];
|
||||||
|
/** List of free blocks */
|
||||||
|
struct list_head list;
|
||||||
};
|
};
|
||||||
|
|
||||||
#define MIN_MEMBLOCK_SIZE \
|
#define MIN_MEMBLOCK_SIZE \
|
||||||
|
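Review bot: The `pad` array sized as `offsetof ( struct refcnt, count ) + sizeof ( ( ( struct refcnt * ) NULL )->count )` only shields `count` if `offsetof ( struct refcnt, count ) >= sizeof ( size_t )`, because `size` still occupies the first `sizeof ( size_t )` bytes of the freed object; `struct refcnt` is not visible in this hunk and nothing here states or checks that precondition, so the protection would silently vanish if `count` were ever moved to the front of `struct refcnt`. I would record the requirement next to the array, `/* Relies on offsetof ( struct refcnt, count ) >= sizeof ( size_t ); otherwise "size" clobbers "count" regardless */`, and back it with a compile-time check using whatever static/link-time assertion facility the tree provides. `offsetof` also needs `<stddef.h>` in scope; the include hunk above adds only `<ipxe/refcnt.h>`, so this presumably relies on an indirect include — worth confirming. The `MIN_MEMBLOCK_SIZE` definition that follows the struct continues outside the hunk, so whether the larger `sizeof ( struct memory_block )` is absorbed as the commit message claims cannot be checked from here.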