jayji pushed a commit to branch master.

http://git.enlightenment.org/core/efl.git/commit/?id=96ab58fb8e34868c16beca2ee99c148e31e8eb09

commit 96ab58fb8e34868c16beca2ee99c148e31e8eb09
Author: Jean Guyomarc'h <j...@guyomarch.bzh>
Date:   Sat Sep 16 14:20:11 2017 +0200

    eina: prevent memory corruption in chained mempool
    
    The chained mempool uses eina trash to dispose and retrieve memory
    blobs. Problem is that eina trash requires the memory blobs to be at
    least of the size of a pointer. If the size of an element in the mempool
    is less than the size of a pointer, which _is_ possible as no minimal
    size is enforced, eina_trash will silently corrupt the memory pool.
    
    To prevent memory corruption while still allowing small elements, the
    size of an element defaults to the size of a pointer if it was smaller.
    This comes at the cost of consuming slightly more memory in these cases,
    but at least the memory pool can safely be used.
    
    @fix
---
 src/modules/eina/mp/chained_pool/eina_chained_mempool.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/modules/eina/mp/chained_pool/eina_chained_mempool.c 
b/src/modules/eina/mp/chained_pool/eina_chained_mempool.c
index 7ab6954c7f..b50b4dd95f 100644
--- a/src/modules/eina/mp/chained_pool/eina_chained_mempool.c
+++ b/src/modules/eina/mp/chained_pool/eina_chained_mempool.c
@@ -563,7 +563,7 @@ eina_chained_mempool_init(const char *context,
         memcpy((char *)mp->name, context, length);
      }
 
-   mp->item_alloc = eina_mempool_alignof(item_size);
+   mp->item_alloc = MAX(eina_mempool_alignof(item_size), sizeof(void *));
 
    mp->pool_size = (((((mp->item_alloc * mp->pool_size + aligned_chained_pool) 
/ page_size)
                      + 1) * page_size)
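
Review bot: On the changed `mp->item_alloc` line, the pointer-size floor is applied to the result of `eina_mempool_alignof()` rather than to its input, so the stored value is no longer guaranteed to be an output of the alignment helper. Clamping the argument instead, as in `eina_mempool_alignof(MAX(item_size, sizeof(void *)))`, would keep the minimum size and the alignment rounding in one expression. A short comment on that line saying that a freed item must be large enough to hold the eina_trash pointer would also help, because the reason for the floor is only in the commit message and not visible in the code.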

-- 

