* malloc_heap: Possible Control Block Overwrite When Insufficient Space in Elem
@ 2023-03-30 11:34 wuchangsheng (C)
0 siblings, 0 replies; only message in thread
From: wuchangsheng (C) @ 2023-03-30 11:34 UTC (permalink / raw)
To: anatoly.burakov; +Cc: dev, jiangheng (G), Yanan (Euler)
[-- Attachment #1: Type: text/plain, Size: 662 bytes --]
Hello,
I seem to have discovered a problem in the heap memory allocation and deallocation operations.
|------------------|----------------------------|
elem padsize newelem
In the malloc_elem_alloc function, when padsize > cache-line (such as 64 bytes) and padsize < sizeof(struct malloc_elem), the initialization of new_elem will overwrite and damage the struct malloc_elem information of elem, while setting the state of new_elem to ELEM_PAD. When releasing new_elem in malloc_elem_free, it will be converted to elem using RTE_PTR_SUB(new_elem, new_elem->pad), but at this point, the struct malloc_elem information of elem is damaged.
[-- Attachment #2: Type: text/html, Size: 3257 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2023-03-30 11:34 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-30 11:34 malloc_heap: Possible Control Block Overwrite When Insufficient Space in Elem wuchangsheng (C)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).