Fix out of bounds access issue

This commit is contained in:
lax1dude 2024-11-09 19:40:42 -08:00
parent 73148353eb
commit 07293886db

View File

@ -335,20 +335,22 @@ public final class LaxMalloc {
// set the chunk no longer in use // set the chunk no longer in use
chunkSize &= 0x7FFFFFFF; chunkSize &= 0x7FFFFFFF;
if (!chunkPtr.isLessThan(addrHeap(ADDR_HEAP_DATA_START))) { if (addrHeap(ADDR_HEAP_DATA_START).isLessThan(chunkPtr)) {
// check if we can merge with the previous chunk, and move it to another bucket
Address prevChunkPtr = chunkPtr.add(-(chunkPtr.add(-4).getInt())); Address prevChunkPtr = chunkPtr.add(-(chunkPtr.add(-4).getInt()));
int prevChunkSize = readChunkSizeStatus(prevChunkPtr); if (!prevChunkPtr.isLessThan(addrHeap(ADDR_HEAP_DATA_START))) {
if ((prevChunkSize & 0x80000000) == 0) { // check if we can merge with the previous chunk, and move it to another bucket
// previous chunk is not in use, merge! int prevChunkSize = readChunkSizeStatus(prevChunkPtr);
if ((prevChunkSize & 0x80000000) == 0) {
// remove the previous chunk from its list // previous chunk is not in use, merge!
unlinkChunkFromFreeList(prevChunkPtr, prevChunkSize);
// remove the previous chunk from its list
// resize the current chunk to also contain the previous chunk unlinkChunkFromFreeList(prevChunkPtr, prevChunkSize);
chunkPtr = prevChunkPtr;
chunkSize += prevChunkSize; // resize the current chunk to also contain the previous chunk
sizeChanged = true; chunkPtr = prevChunkPtr;
chunkSize += prevChunkSize;
sizeChanged = true;
}
} }
} }
@ -522,7 +524,7 @@ public final class LaxMalloc {
int bytesNeeded = newHeapInnerLimit.toInt() - heapOuterLimit.toInt(); int bytesNeeded = newHeapInnerLimit.toInt() - heapOuterLimit.toInt();
bytesNeeded = (bytesNeeded + 0xFFFF) & 0xFFFF0000; bytesNeeded = (bytesNeeded + 0xFFFF) & 0xFFFF0000;
Address newHeapOuterLimit = heapOuterLimit.add(bytesNeeded); Address newHeapOuterLimit = heapOuterLimit.add(bytesNeeded);
if (!getHeapMaxAddr().isLessThan(newHeapOuterLimit) && growHeapOuter(bytesNeeded >> 16) != -1) { if (!getHeapMaxAddr().isLessThan(newHeapOuterLimit) && growHeapOuter(bytesNeeded >>> 16) != -1) {
addrHeap(ADDR_HEAP_INNER_LIMIT).putAddress(newHeapInnerLimit); addrHeap(ADDR_HEAP_INNER_LIMIT).putAddress(newHeapInnerLimit);
addrHeap(ADDR_HEAP_OUTER_LIMIT).putAddress(newHeapOuterLimit); addrHeap(ADDR_HEAP_OUTER_LIMIT).putAddress(newHeapOuterLimit);
notifyHeapResized(); notifyHeapResized();