From daa06b3acd21e01fa45f1114ed5a575994ea5898 Mon Sep 17 00:00:00 2001
From: Ivan Maidanski
Date: Tue, 14 Jun 2022 07:38:44 +0300
Subject: Ensure typed objects descriptor is never located in the first word

Free objects are linked in the collector through the first word in the object. This commit prevents placing type descriptor to the first word of the allocated object by ensuring that the size of typed objects (requested by a client) is non-zero.

* typd_mlc.c (GC_malloc_explicitly_typed, GC_malloc_explicitly_typed_ignore_off_page): If lb is zero, then assume lb is 1 (byte).
* typd_mlc.c (GC_calloc_explicitly_typed): If lb or n is zero, then assume that lb*n is 1.
---
 typd_mlc.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'typd_mlc.c')

diff --git a/typd_mlc.c b/typd_mlc.c
index ea40f08c..59643b72 100644
--- a/typd_mlc.c
+++ b/typd_mlc.c
@@ -283,6 +283,7 @@ GC_API GC_ATTR_MALLOC void * GC_CALL GC_malloc_explicitly_typed(size_t lb,
 size_t nwords;
 
 GC_ASSERT(GC_explicit_typing_initialized);
+ if (EXPECT(0 == lb, FALSE)) lb = 1; /* ensure nwords > 1 */
 lb = SIZET_SAT_ADD(lb, TYPD_EXTRA_BYTES);
 op = GC_malloc_kind(lb, GC_explicit_kind);
 if (EXPECT(NULL == op, FALSE))
@@ -309,6 +310,7 @@ GC_API GC_ATTR_MALLOC void * GC_CALL
 DCL_LOCK_STATE;
 
 GC_ASSERT(GC_explicit_typing_initialized);
+ if (EXPECT(0 == lb, FALSE)) lb = 1;
 lb = SIZET_SAT_ADD(lb, TYPD_EXTRA_BYTES);
 if (SMALL_OBJ(lb)) {
 void **opp;
@@ -501,8 +503,9 @@ GC_API GC_ATTR_MALLOC void * GC_CALL GC_calloc_explicitly_typed(size_t n,
 GC_STATIC_ASSERT(sizeof(struct LeafDescriptor) % sizeof(word) == 0);
 
 GC_ASSERT(GC_explicit_typing_initialized);
+ if (EXPECT(0 == lb || 0 == n, FALSE)) lb = n = 1;
 if (EXPECT((lb | n) > GC_SQRT_SIZE_MAX, FALSE) /* fast initial check */
- && lb > 0 && n > GC_SIZE_MAX / lb)
+ && n > GC_SIZE_MAX / lb)
 return (*GC_get_oom_fn())(GC_SIZE_MAX); /* n*lb overflow */
 
 descr_type = GC_make_array_descriptor((word)n, (word)lb, d,
--
cgit v1.2.1
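Review bot: The comment `/* ensure nwords > 1 */` on the line added to GC_malloc_explicitly_typed names the goal but not the invariant behind it, and the identical line added to GC_malloc_explicitly_typed_ignore_off_page in the second hunk carries no comment at all. The rationale lives only in the commit message: a free object's first word holds the free-list link, so the type descriptor must land in a later word, which the size rounding presumably guarantees only once lb is at least 1 (via the TYPD_EXTRA_BYTES addend on the next line; confirm against the macro definition, which is outside the hunk). Suggest the same two-line comment on both added lines: `/* A zero-size request would round to a one-word object whose only word is */` `/* the free-list link; request >= 1 byte so the descriptor gets its own word. */`. Both function bodies continue outside their hunks.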
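Review bot: After the added `lb = n = 1` fallback in GC_calloc_explicitly_typed, the unchanged call `GC_make_array_descriptor((word)n, (word)lb, d,` still receives the caller's element descriptor d, which was built for an lb-byte element that is now reported as a single 1-byte element. If d encodes pointer positions, the resulting object descriptor could describe more words than the rounded 1-byte object contains, depending on how GC_make_array_descriptor treats n == 1 (outside the hunk); worth confirming, since an over-wide descriptor would let the marker read past the object. A zero-element or zero-sized array can hold no pointers, so the defensive form is to neutralize the descriptor in the same branch, e.g. `if (EXPECT(0 == lb || 0 == n, FALSE)) { lb = n = 1; d = 0; }`, provided a zero descriptor denotes a pointer-free object in this code base as I believe it does. The rest of GC_calloc_explicitly_typed is outside the hunk.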