author | Jason Evans <jasone@canonware.com> | 2015-09-24 22:21:55 -0700 |
committer | Jason Evans <jasone@canonware.com> | 2015-09-24 22:21:55 -0700 |
commit | a784e411f21f4dc827c8c411b7afa7df949c2233 (patch) | |
tree | b4fcdc20046a13c2a358bafcf7dc1df1a1baa015 /src | |
parent | e9192eacf8935e29fc62fddc2701f7942b1cc02c (diff) | |
Fix a xallocx(..., MALLOCX_ZERO) bug.
Fix xallocx(..., MALLOCX_ZERO) to zero the last full trailing page of
large allocations that have been randomly assigned an offset of 0 when
--enable-cache-oblivious configure option is enabled. This addresses a
special case missed in d260f442ce693de4351229027b37b3293fcbfd7d (Fix
xallocx(..., MALLOCX_ZERO) bugs.).
Diffstat (limited to 'src')
-rw-r--r-- | src/arena.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/arena.c b/src/arena.c
index 3081519..43733cc 100644
--- a/src/arena.c
+++ b/src/arena.c
@@ -2683,10 +2683,16 @@ arena_ralloc_large_grow(arena_t *arena, arena_chunk_t *chunk, void *ptr,
 /*
 * Zero the trailing bytes of the original allocation's
 * last page, since they are in an indeterminate state.
+ * There will always be trailing bytes, because ptr's
+ * offset from the beginning of the run is a multiple of
+ * CACHELINE in [0 .. PAGE).
 */
- assert(PAGE_CEILING(oldsize) == oldsize);
- memset((void *)((uintptr_t)ptr + oldsize), 0,
- PAGE_CEILING((uintptr_t)ptr) - (uintptr_t)ptr);
+ void *zbase = (void *)((uintptr_t)ptr + oldsize);
+ void *zpast = PAGE_ADDR2BASE((void *)((uintptr_t)zbase +
+ PAGE));
+ size_t nzero = (uintptr_t)zpast - (uintptr_t)zbase;
+ assert(nzero > 0);
+ memset(zbase, 0, nzero);
 }
 size = oldsize + splitsize;
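Review bot: The rewrite drops `assert(PAGE_CEILING(oldsize) == oldsize);`, yet the new comment's argument that zbase always has trailing bytes in the page holds only if oldsize is a page multiple, since that is what lets zbase inherit ptr's in-page offset; with a non-page-multiple oldsize the rounding to the next page base would silently zero the wrong span. Keep the old precondition ahead of the computation, `assert(PAGE_CEILING(oldsize) == oldsize);`, and consider tightening the new one to `assert(nzero > 0 && nzero <= PAGE);` so the bound implied by the comment is checked too. Both are debug-only, so they cost nothing in release builds but catch a caller that violates the layout this zeroing depends on. arena_ralloc_large_grow starts and ends outside the hunk, and the condition that guards this zeroing (presumably the MALLOCX_ZERO path named in the commit message) is not visible here.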