Eagerly detect double free and sized dealloc bugs for large sizes.

2020-10-14 16:45:19 -07:00
parent be9548f2be
commit 3de19ba401
7 changed files with 136 additions and 23 deletions
--- a/src/jemalloc.c
+++ b/src/jemalloc.c
@@ -2812,7 +2812,7 @@ maybe_check_alloc_ctx(tsd_t *tsd, void *ptr, emap_alloc_ctx_t *alloc_ctx) {
 		    &dbg_ctx);
 		if (alloc_ctx->szind != dbg_ctx.szind) {
 			safety_check_fail_sized_dealloc(
-			    /* curent_dealloc */ true);
+			    /* current_dealloc */ true);
 			return true;
 		}
 		if (alloc_ctx->slab != dbg_ctx.slab) {
--- a/src/tcache.c
+++ b/src/tcache.c
@@ -428,6 +428,10 @@ tcache_bin_flush_impl(tsd_t *tsd, tcache_t *tcache, cache_bin_t *cache_bin,
 					dalloc_count++;
 				}
 			} else {
+				if (large_dalloc_safety_checks(edata, binind)) {
+					/* See the comment in isfree. */
+					continue;
+				}
 				large_dalloc_finish(tsdn, edata);
 			}
 		}