summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAli Mohammad Pur <ali.mpfard@gmail.com>2022-12-05 00:13:47 +0330
committerAndreas Kling <kling@serenityos.org>2022-12-06 11:19:50 +0100
commitc500647eeebf0f7752fd4bf6b0a65c91e7f555e2 (patch)
tree1e90986000e52ad27460e1044c4bd95e8ca5fab7
parent57dc179b1fce5d4b7171311b04667debfe693095 (diff)
downloadserenity-c500647eeebf0f7752fd4bf6b0a65c91e7f555e2.zip
AK: Take the bump-allocated chunk header into account in destroy_all()
Previously we allowed the end_offset to be larger than the chunk itself, which made it so that certain input sizes would make the logic attempt to delete a nonexistent object. Fixes #16308.
-rw-r--r--AK/BumpAllocator.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/AK/BumpAllocator.h b/AK/BumpAllocator.h
index 73393b2f02..81cd9dbf19 100644
--- a/AK/BumpAllocator.h
+++ b/AK/BumpAllocator.h
@@ -181,7 +181,7 @@ public:
this->for_each_chunk([&](auto chunk) {
auto base_ptr = align_up_to(chunk + sizeof(typename Allocator::ChunkHeader), alignof(T));
// Compute the offset of the first byte *after* this chunk:
- FlatPtr end_offset = base_ptr + this->m_chunk_size - chunk;
+ FlatPtr end_offset = base_ptr + this->m_chunk_size - chunk - sizeof(typename Allocator::ChunkHeader);
if (chunk == this->m_current_chunk)
end_offset = this->m_byte_offset_into_current_chunk;
// Compute the offset of the first byte *after* the last valid object, in case the end of the chunk does not align with the end of an object: