DCHECK in PartitionCookieCheckValue after reallocating buffer.
Issue description

When PartitionAlloc is built with "cookies", it stamps a value at the beginning and end of each allocation. However, there is a problem with the reallocation path at https://cs.chromium.org/chromium/src/base/allocator/partition_allocator/partition_alloc.cc?l=1052

    if (actual_new_size == actual_old_size) {
      // Trying to allocate a block of size new_size would give us a block of
      // the same size as the one we've already got, so no point in doing
      // anything here.
      return ptr;
    }

When this is taken, the end cookie needs to be moved out of harm's way since it will be overwritten by the caller when using the full size. Additionally, the raw size bookkeeping needs to be updated to account for the new location of the cookie.
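As an added illustration of the report (a constructed model, not PartitionAlloc's own code): a slot carrying a start and an end cookie, a same-slot realloc that either takes the early return untouched or moves the end cookie and updates the raw size, and the free-time cookie check that raises the DCHECK. The type and function names, cookie bytes and slot sizes are assumptions.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
/* Constructed model of the cookie layout (not PartitionAlloc's code):
 * slot = [cookie][raw_size user bytes][cookie][unused up to capacity]. */
#define COOKIE_SIZE 8
static const unsigned char kCookie[COOKIE_SIZE] = {0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF};
typedef struct {
    unsigned char *slot; /* COOKIE_SIZE + capacity + COOKIE_SIZE bytes */
    size_t capacity;     /* usable bytes of the bucket the slot came from */
    size_t raw_size;     /* bookkeeping: end cookie sits at user + raw_size */
} Alloc;
static unsigned char *user_ptr(Alloc *a) { return a->slot + COOKIE_SIZE; }

void alloc_init(Alloc *a, size_t capacity, size_t size) {
    a->slot = calloc(1, capacity + 2 * COOKIE_SIZE);
    a->capacity = capacity;
    a->raw_size = size;
    memcpy(a->slot, kCookie, COOKIE_SIZE);            /* start cookie */
    memcpy(user_ptr(a) + size, kCookie, COOKIE_SIZE); /* end cookie */
}
/* The free-time check that raises the DCHECK: both cookies must be intact. */
bool alloc_cookies_intact(Alloc *a) {
    return memcmp(a->slot, kCookie, COOKIE_SIZE) == 0 &&
           memcmp(user_ptr(a) + a->raw_size, kCookie, COOKIE_SIZE) == 0;
}

/* Same-slot realloc. fixed=false models the report's early "return ptr" (same bucket,
 * nothing touched); fixed=true moves the end cookie to new_size and updates raw_size. */
bool alloc_realloc_in_place(Alloc *a, size_t new_size, bool fixed) {
    if (new_size > a->capacity) return false; /* would need another bucket */
    if (fixed) {
        memcpy(user_ptr(a) + new_size, kCookie, COOKIE_SIZE);
        a->raw_size = new_size;
    }
    return true;
}
/* Grow 40 -> 60 bytes in a 64-byte slot, write the full new size as a caller may,
 * then run the free-time check. Returns true iff the cookies survived. */
bool scenario(bool fixed) {
    Alloc a;
    alloc_init(&a, 64, 40);
    bool ok = alloc_realloc_in_place(&a, 60, fixed);
    if (ok) {
        memset(user_ptr(&a), 0x41, 60); /* caller uses all 60 bytes */
        ok = alloc_cookies_intact(&a);
    }
    free(a.slot);
    return ok;
}
```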
Apr 7 2017
CL at https://codereview.chromium.org/2799323003/
Apr 7 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/8b56c3d42b97dd0d165daa6c1b3619f40ff2d6a4

commit 8b56c3d42b97dd0d165daa6c1b3619f40ff2d6a4
Author: tsepez <tsepez@chromium.org>
Date: Fri Apr 07 23:27:22 2017

Fix PartitionAlloc cookies for large in-place reallocs

BUG=709271
Review-Url: https://codereview.chromium.org/2799323003
Cr-Commit-Position: refs/heads/master@{#463047}

[modify] https://crrev.com/8b56c3d42b97dd0d165daa6c1b3619f40ff2d6a4/base/allocator/partition_allocator/partition_alloc.cc
[modify] https://crrev.com/8b56c3d42b97dd0d165daa6c1b3619f40ff2d6a4/base/allocator/partition_allocator/partition_alloc_unittest.cc
Apr 11 2017
Comment 1 by tsepez@chromium.org, Apr 7 2017