Ticket #1731 (assigned bug)
Assumption made about buffer header alignment
Reported by: | Paul C. Anagnostopoulos | Owned by: | Paul C. Anagnostopoulos
---|---|---|---
Priority: | normal | Milestone: |
Component: | core | Version: | 2.6.0
Severity: | low | Keywords: |
Cc: | | Language: |
Patch status: | | Platform: |
Description
Various memory management routines (e.g., gc_ms_allocate_buffer_storage) assume that the size of a buffer header is equal to the size of a pointer. This is probably true throughout the system as it stands, but those same routines take pains not to make that assumption in other places.
Here is a line from the above routine:
Buffer_buflen(buffer) = new_size - sizeof (void *);
If the size of a pointer is less than the buffer header size, the value stored in buflen will be too big. new_size includes the entire size of the buffer header, which may include alignment padding in addition to the pointer.
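The arithmetic the ticket describes, as an added example that is not part of the ticket or of Parrot's own code: `struct buf_hdr` is a hypothetical header (a pointer plus a 32-bit flags word, not Parrot's real Buffer layout) chosen so that the ABI pads it beyond one pointer. The functions compute buflen the way the quoted line does (`new_size - sizeof (void *)`) and the way that subtracts the real header size, and report by how many bytes the naive value overstates the usable storage and whether filling that many bytes would run past the allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical buffer header (not Parrot's real Buffer layout): a
 * pointer to the payload plus a 32-bit flags word.  On a 64-bit ABI the
 * compiler pads the struct to 16 bytes, so sizeof(struct buf_hdr) is
 * larger than sizeof(void *); on a 32-bit ABI it is 8 bytes against 4. */
struct buf_hdr {
    void     *bufstart;
    uint32_t  flags;
};

size_t padded_header_size(void)
{
    return sizeof(struct buf_hdr);
}

/* The computation quoted in the ticket: payload size assuming the header
 * is exactly one pointer wide. */
size_t naive_buflen(size_t new_size)
{
    return new_size - sizeof(void *);
}

/* Payload size when the header's true size, padding included, is
 * subtracted.  new_size covers header plus payload, as the ticket states. */
size_t correct_buflen(size_t new_size, size_t header_size)
{
    return new_size - header_size;
}

/* Bytes by which the naive buflen overstates the usable payload. */
size_t naive_overshoot(size_t new_size, size_t header_size)
{
    return naive_buflen(new_size) - correct_buflen(new_size, header_size);
}

/* 1 if writing buflen bytes after a header of header_size bytes lands
 * past the end of an allocation of new_size bytes, else 0. */
int naive_buflen_overruns(size_t new_size, size_t header_size)
{
    return header_size + naive_buflen(new_size) > new_size;
}

int main(void)
{
    const size_t new_size = 64;          /* constructed allocation size */
    const size_t hdr = padded_header_size();

    printf("sizeof(void *) = %zu, sizeof(struct buf_hdr) = %zu\n",
           sizeof(void *), hdr);
    printf("naive buflen   = %zu\n", naive_buflen(new_size));
    printf("correct buflen = %zu\n", correct_buflen(new_size, hdr));
    printf("overshoot      = %zu byte(s), overruns allocation: %s\n",
           naive_overshoot(new_size, hdr),
           naive_buflen_overruns(new_size, hdr) ? "yes" : "no");
    return 0;
}
```

With a padded header the naive buflen exceeds the real payload by exactly `sizeof(struct buf_hdr) - sizeof(void *)` bytes, and a caller that trusts buflen writes that far beyond the allocation. Subtracting `sizeof` of the header type instead of `sizeof (void *)` removes the assumption; where code genuinely depends on the two sizes being equal, a C11 `_Static_assert(sizeof(struct buf_hdr) == sizeof(void *), "header must be pointer-sized")` turns the silent overstatement into a build failure.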
Change History