diff options
author | Andreas Kling <kling@serenityos.org> | 2021-12-28 19:25:14 +0100 |
---|---|---|
committer | Andreas Kling <kling@serenityos.org> | 2021-12-28 21:02:38 +0100 |
commit | 9dffcc9752d7e6a4337f3ef500683ace9f0047da (patch) | |
tree | 1d72acbf3bf4accfbdd0435c816a712d64272f3d /Kernel/Heap/kmalloc.cpp | |
parent | 9111376d70a89440a8a37a6e45d1191459487b6c (diff) | |
download | serenity-9dffcc9752d7e6a4337f3ef500683ace9f0047da.zip |
Kernel: VERIFY that addresses passed to kfree_sized() look valid
Let's do some simple pointer arithmetic to verify that the address being
freed is at least within one of the two valid kmalloc VM ranges.
Diffstat (limited to 'Kernel/Heap/kmalloc.cpp')
-rw-r--r-- | Kernel/Heap/kmalloc.cpp | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/Kernel/Heap/kmalloc.cpp b/Kernel/Heap/kmalloc.cpp index a26923b4c1..71aacb04f1 100644 --- a/Kernel/Heap/kmalloc.cpp +++ b/Kernel/Heap/kmalloc.cpp @@ -186,6 +186,7 @@ struct KmallocGlobalData { void deallocate(void* ptr, size_t size) { VERIFY(!expansion_in_progress); + VERIFY(is_valid_kmalloc_address(VirtualAddress { ptr })); for (auto& slabheap : slabheaps) { if (size <= slabheap.slab_size()) @@ -298,6 +299,17 @@ struct KmallocGlobalData { }; Optional<ExpansionData> expansion_data; + bool is_valid_kmalloc_address(VirtualAddress vaddr) const + { + if (vaddr.as_ptr() >= initial_kmalloc_memory && vaddr.as_ptr() < (initial_kmalloc_memory + INITIAL_KMALLOC_MEMORY_SIZE)) + return true; + + if (!expansion_data.has_value()) + return false; + + return expansion_data->virtual_range.contains(vaddr); + } + KmallocSubheap::List subheaps; KmallocSlabheap slabheaps[6] = { 16, 32, 64, 128, 256, 512 }; |