From 1baa4e3b833603dc252ec656023b3e29a67315e4 Mon Sep 17 00:00:00 2001
From: Nathaniel Wesley Filardo
Date: Wed, 4 Sep 2024 14:11:04 -0400
Subject: [PATCH] One possible fix to Buddy MIN == MAX case

This is one possible way to fix the 0-length arrays discussed (and made into assertion failures) in the previous commit. This works because the Buddy's `MIN_SIZE_BITS` is instantiated at `MIN_CHUNK_BITS`, and so the change here then ensures that its `MAX_SIZE_BITS` is strictly greater than `MIN_CHUNK_BITS`. A different, and possibly better, solution would be to drop the LargeBuddyRange from CentralMetaRange when `max_page_chunk_size_bits` is computed to be equal to `MIN_CHUNK_BITS`.
---
 src/snmalloc/backend/meta_protected_range.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/snmalloc/backend/meta_protected_range.h b/src/snmalloc/backend/meta_protected_range.h
index 5c5795cc0..ee40ae0b8 100644
--- a/src/snmalloc/backend/meta_protected_range.h
+++ b/src/snmalloc/backend/meta_protected_range.h
@@ -44,7 +44,7 @@ namespace snmalloc
 bits::next_pow2_bits_const(PAL::page_size);
 
 static constexpr size_t max_page_chunk_size_bits =
- bits::max(page_size_bits, MIN_CHUNK_BITS);
+ bits::max(page_size_bits, MIN_CHUNK_BITS + 1);
 
 // Central source of object-range, does not pass back to GlobalR as
 // that would allow flows from Objects to Meta-data, and thus UAF
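Review bot: The `+ 1` in the new `max_page_chunk_size_bits` encodes an invariant (the Buddy's `MAX_SIZE_BITS` must be strictly greater than its `MIN_SIZE_BITS`, which is instantiated at `MIN_CHUNK_BITS`) that is explained only in the commit message, so a reader of the header cannot tell why the value is not simply the larger of the two bounds. Add a why-comment on the declaration, e.g. `// +1: the LargeBuddyRange built from this requires MAX_SIZE_BITS > MIN_SIZE_BITS (== MIN_CHUNK_BITS); equal bounds yield zero-length arrays`, and pin it with `static_assert(max_page_chunk_size_bits > MIN_CHUNK_BITS, "meta buddy range needs MAX > MIN");` so a later change to `MIN_CHUNK_BITS` or the platform page size fails at compile time instead of reintroducing the assertion failure the previous commit added. Presumably, on platforms where `page_size_bits <= MIN_CHUNK_BITS`, this also doubles the largest chunk the meta range hands out; if that overhead matters, the alternative the message mentions (dropping the LargeBuddyRange when the bounds coincide) avoids it, and that trade-off is worth recording next to the constant. The enclosing template/struct starts before and continues after this hunk.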