zig

fork of https://codeberg.org/ziglang/zig

commit 41430a366f75eb7301deaca91d4aea3bbf61c8ec (tree)
parent c16d4ab9e41be6b5c560d15eaa145ff3a0ffce6c
Author: Erik Arvstedt <erik.arvstedt@gmail.com>
Date:   Mon, 12 Jun 2023 22:21:29 +0200

arena_allocator/reset: fix buffer overrun

Previously, the buffer reserved with `retain_with_limit` was missing
space for the `BufNode`.

When the user provided a limit that was smaller than `@sizeOf(BufNode)`,
`reset` would store a new `BufNode` in an allocation smaller than
`BufNode`, leading to a buffer overrun.

Diffstat:
M lib/std/heap/arena_allocator.zig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/std/heap/arena_allocator.zig b/lib/std/heap/arena_allocator.zig @@ -120,7 +120,7 @@ pub const ArenaAllocator = struct { } const total_size = switch (mode) { .retain_capacity => current_capacity, - .retain_with_limit => |limit| std.math.min(limit, current_capacity), + .retain_with_limit => |limit| std.math.min(@sizeOf(BufNode) + limit, current_capacity), .free_all => unreachable, }; const align_bits = std.math.log2_int(usize, @alignOf(BufNode));
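Review bot: In the `.retain_with_limit` arm, `@sizeOf(BufNode) + limit` is an unchecked addition on a caller-supplied value. If `limit` is a `usize` (its type is not visible in this hunk), a limit close to the maximum traps on integer overflow in safety-checked builds and is undefined behaviour in unchecked ones. A saturating add, `@sizeOf(BufNode) +| limit`, keeps the `min` against `current_capacity` well defined for any input. The diffstat shows only this one-line change, so a regression test that calls `reset` with a limit smaller than `@sizeOf(BufNode)` (including 0) would be worth adding, and the doc comment for `retain_with_limit` should state that the limit counts usable bytes and excludes the `BufNode` header.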