encounter/dawn-cmake
1
0
Fork 0
mirror of https://github.com/encounter/dawn-cmake.git synced 2025-12-16 16:37:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

SlabAllocator: Fix writing to freed memory on slab destruction

Browse Source 
unique_ptr's destructor sets itself to null and frees its owned
memory. This is a problem because for the slab allocator, the
member variable holding the unique_ptr is inside the freed memory.

Bug: skia:10501
Change-Id: I41179261041fe415bb2af3667114b079f61b3c7b
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/48100
Auto-Submit: Austin Eng <enga@chromium.org>
Reviewed-by: Stephen White <senorblanco@chromium.org>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Austin Eng <enga@chromium.org>
This commit is contained in:
Austin Eng
2021-04-20 17:53:50 +00:00
committed by Commit Bot service account
parent cd39ade86f
commit 9aadf94c15
2 changed files with 9 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/common/SlabAllocator.cpp
View File

@@ -30,12 +30,8 @@ SlabAllocatorImpl::IndexLinkNode::IndexLinkNode(Index index, Index nextIndex)
// Slab
SlabAllocatorImpl::Slab::Slab(std::unique_ptr<char[]> allocation, IndexLinkNode* head)
: allocation(std::move(allocation)),
freeList(head),
prev(nullptr),
next(nullptr),
blocksInUse(0) {
SlabAllocatorImpl::Slab::Slab(char allocation[], IndexLinkNode* head)
: allocation(allocation), freeList(head), prev(nullptr), next(nullptr), blocksInUse(0) {
}
SlabAllocatorImpl::Slab::Slab(Slab&& rhs) = default;
@@ -50,7 +46,8 @@ SlabAllocatorImpl::SentinelSlab::~SentinelSlab() {
while (slab != nullptr) {
Slab* next = slab->next;
ASSERT(slab->blocksInUse == 0);
slab->~Slab();
// Delete the slab's allocation. The slab is allocated inside slab->allocation.
delete[] slab->allocation;
slab = next;
}
}
@@ -232,8 +229,8 @@ void SlabAllocatorImpl::GetNewSlab() {
}
// TODO(enga): Use aligned_alloc with C++17.
auto allocation = std::unique_ptr<char[]>(new char[mTotalAllocationSize]);
char* alignedPtr = AlignPtr(allocation.get(), mAllocationAlignment);
char* allocation = new char[mTotalAllocationSize];
char* alignedPtr = AlignPtr(allocation, mAllocationAlignment);
char* dataStart = alignedPtr + mSlabBlocksOffset;
@@ -245,5 +242,5 @@ void SlabAllocatorImpl::GetNewSlab() {
IndexLinkNode* lastNode = OffsetFrom(node, mBlocksPerSlab - 1);
lastNode->nextIndex = kInvalidIndex;
mAvailableSlabs.Prepend(new (alignedPtr) Slab(std::move(allocation), node));
mAvailableSlabs.Prepend(new (alignedPtr) Slab(allocation, node));
}