Skip to site navigation (Press enter)

[webkit-changes] [198680] trunk/Source/bmalloc

ggaren Fri, 25 Mar 2016 11:42:31 -0700

Title: [198680] trunk/Source/bmalloc

Revision: 198680
Author: [email protected]
Date: 2016-03-25 11:42:18 -0700 (Fri, 25 Mar 2016)

Log Message

bmalloc: stress_aligned fails when allocating a zero-sized object with XLarge alignment
https://bugs.webkit.org/show_bug.cgi?id=155896


Reviewed by Andreas Kling.

We normally filter zero-sized allocations into small allocations, but
a zero-sized allocation can sneak through if it requires sufficiently
large alignment.

* bmalloc/Heap.cpp:
(bmalloc::Heap::tryAllocateXLarge): Set a floor on allocation size to
catch zero-sized allocations.

Modified Paths

trunk/Source/bmalloc/ChangeLog
trunk/Source/bmalloc/bmalloc/Heap.cpp

Diff

Modified: trunk/Source/bmalloc/ChangeLog (198679 => 198680)


--- trunk/Source/bmalloc/ChangeLog	2016-03-25 18:32:11 UTC (rev 198679)
+++ trunk/Source/bmalloc/ChangeLog	2016-03-25 18:42:18 UTC (rev 198680)
@@ -1,5 +1,20 @@
 2016-03-25  Geoffrey Garen  <[email protected]>
 
+        bmalloc: stress_aligned fails when allocating a zero-sized object with XLarge alignment
+        https://bugs.webkit.org/show_bug.cgi?id=155896
+
+        Reviewed by Andreas Kling.
+
+        We normally filter zero-sized allocations into small allocations, but
+        a zero-sized allocation can sneak through if it requires sufficiently
+        large alignment.
+
+        * bmalloc/Heap.cpp:
+        (bmalloc::Heap::tryAllocateXLarge): Set a floor on allocation size to
+        catch zero-sized allocations.
+
+2016-03-25  Geoffrey Garen  <[email protected]>
+
         bmalloc: Renamed LargeChunk => Chunk
         https://bugs.webkit.org/show_bug.cgi?id=155894

Modified: trunk/Source/bmalloc/bmalloc/Heap.cpp (198679 => 198680)


--- trunk/Source/bmalloc/bmalloc/Heap.cpp	2016-03-25 18:32:11 UTC (rev 198679)
+++ trunk/Source/bmalloc/bmalloc/Heap.cpp	2016-03-25 18:42:18 UTC (rev 198680)
@@ -429,6 +429,7 @@
 
     m_isAllocatingPages = true;
 
+    size = std::max(vmPageSize, size);
     alignment = roundUpToMultipleOf<xLargeAlignment>(alignment);
 
     XLargeRange range = m_xLargeMap.takeFree(alignment, size);

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes