malloc_heap: Possible Control Block Overwrite When Insufficient Space in Elem

All of lore.kernel.org
 help / color / mirror / Atom feed

* malloc_heap: Possible Control Block Overwrite When Insufficient Space in Elem
@ 2023-03-30 11:34 wuchangsheng (C)
  0 siblings, 0 replies; only message in thread
From: wuchangsheng (C) @ 2023-03-30 11:34 UTC (permalink / raw)
  To: anatoly.burakov@intel.com; +Cc: dev@dpdk.org, jiangheng (G), Yanan (Euler)

[-- Attachment #1: Type: text/plain, Size: 662 bytes --]

Hello,

I seem to have discovered a problem in the heap memory allocation and deallocation operations.

    |------------------|----------------------------|

  elem  padsize    newelem

In the malloc_elem_alloc function, when padsize > cache-line (such as 64 bytes) and padsize < sizeof(struct malloc_elem), the initialization of new_elem will overwrite and damage the struct malloc_elem information of elem, while setting the state of new_elem to ELEM_PAD. When releasing new_elem in malloc_elem_free, it will be converted to elem using RTE_PTR_SUB(new_elem, new_elem->pad), but at this point, the struct malloc_elem information of elem is damaged.

[-- Attachment #2: Type: text/html, Size: 3257 bytes --]

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2023-03-30 11:34 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-03-30 11:34 malloc_heap: Possible Control Block Overwrite When Insufficient Space in Elem wuchangsheng (C)

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.