lib/os/mempool: Fix corruption case with block splitting
The block_fits() predicate was borked. It would check that a block fits within the bounds of the whole heap. But that's not enough: because of alignment changes between levels the sub-blocks may be adjusted forward. It needs to fit inside the PARENT block that it was split from.

What could happen at runtime is that the last subblocks of a misaligned parent block would overlap memory from subsequent blocks, or even run off the end of the heap. That's bad.

Change the API of block_fits() a little so it can extract the parent region and do this properly.

Fixes #15279. Passes test introduced in #16728 to demonstrate what seems like the same issue.

Signed-off-by: Andy Ross <email@example.com>
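To make the failure mode concrete, here is an added illustration that is not part of this commit and not Zephyr's lib/os/mempool code: a hypothetical model of a block being split into aligned sub-blocks, with the heap-only containment check beside the parent-bounded one. The struct and function names (`region`, `child_block`, `block_fits_heap`, `block_fits_parent`, `count_escaping_children`) and the constructed addresses are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Illustrative model of a split-block allocator, added as an example.
 * It is NOT Zephyr's lib/os/mempool code; names and layout are hypothetical. */

struct region {
    uintptr_t start;
    size_t size;
};

/* Round addr up to the next multiple of align (align is a power of two). */
static uintptr_t align_up(uintptr_t addr, size_t align)
{
    return (addr + align - 1) & ~((uintptr_t)align - 1);
}

/* The i-th sub-block when a parent is split into pieces of child_size whose
 * starts are aligned to child_align. With a misaligned parent the whole run
 * of children is shifted forward, so the last ones spill past the parent. */
static struct region child_block(struct region parent, size_t child_size,
                                 size_t child_align, unsigned i)
{
    struct region c;
    c.start = align_up(parent.start, child_align) + (uintptr_t)i * child_size;
    c.size = child_size;
    return c;
}

/* Containment test shared by both predicates below. */
static bool region_contains(struct region outer, struct region inner)
{
    return inner.start >= outer.start &&
           inner.start + inner.size <= outer.start + outer.size;
}

/* The weak check the commit message describes: a sub-block only has to
 * land somewhere inside the heap as a whole. */
static bool block_fits_heap(struct region heap, struct region block)
{
    return region_contains(heap, block);
}

/* The corrected check: a sub-block must land inside the parent it was
 * split from. */
static bool block_fits_parent(struct region parent, struct region block)
{
    return region_contains(parent, block);
}

/* Count children that the heap-only check accepts but the parent check
 * rejects, i.e. blocks that would overlap a neighbour or run off the heap. */
static unsigned count_escaping_children(struct region heap, struct region parent,
                                        size_t child_size, size_t child_align,
                                        unsigned nchildren)
{
    unsigned escaped = 0;
    for (unsigned i = 0; i < nchildren; i++) {
        struct region c = child_block(parent, child_size, child_align, i);
        if (block_fits_heap(heap, c) && !block_fits_parent(parent, c)) {
            escaped++;
        }
    }
    return escaped;
}

int main(void)
{
    /* Constructed layout: a 256-byte heap at 0x1000 and a 64-byte parent
     * block starting 16 bytes past a 32-byte boundary, split into four
     * 16-byte children whose starts must be 32-byte aligned. */
    struct region heap = { 0x1000, 256 };
    struct region parent = { 0x1010, 64 };

    for (unsigned i = 0; i < 4; i++) {
        struct region c = child_block(parent, 16, 32, i);
        printf("child %u: 0x%lx..0x%lx fits_heap=%d fits_parent=%d\n", i,
               (unsigned long)c.start, (unsigned long)(c.start + c.size),
               block_fits_heap(heap, c), block_fits_parent(parent, c));
    }
    printf("children escaping their parent: %u\n",
           count_escaping_children(heap, parent, 16, 32, 4));
    return 0;
}
```

In the constructed layout the aligned run of children starts at 0x1020, so the last child occupies 0x1050..0x1060 while the parent ends at 0x1050: the heap-only predicate accepts it, the parent-bounded predicate rejects it, which is exactly the overlap the commit fixes.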