Ticket #1731 (assigned bug)
Assumption made about buffer header alignment
Reported by: Paul C. Anagnostopoulos. Owned by: Paul C. Anagnostopoulos.
Various memory management routines (e.g., gc_ms_allocate_buffer_storage) assume that the size of a buffer header is equal to the size of a pointer. This is probably true throughout the system as it stands, but those same routines take pains not to make that assumption in other places.
Here is a line from the above routine:
    Buffer_buflen(buffer) = new_size - sizeof (void *);
If the size of a pointer is less than the buffer header size, the value stored in buflen will be too big. new_size includes the entire size of the buffer header, which may include alignment padding in addition to the pointer.
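To make the consequence concrete, here is an added example (not Parrot's code) with a constructed stand-in for a buffer header: a pointer followed by a small flags word, which on a typical 64-bit ABI pads the struct to 16 bytes while a pointer is 8. It computes buflen both ways and checks whether a buffer filled to that length would stay inside the new_size bytes that were actually allocated. The struct layout, the sizes and the helper names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a buffer header.  A pointer plus a flags word
 * forces alignment padding on most 64-bit ABIs, so sizeof(struct buf_header)
 * is larger than sizeof(void *).  Not Parrot's real header layout. */
struct buf_header {
    void *bufstart;
    unsigned int flags;
};

/* buflen computed the way the quoted line does: header assumed pointer-sized. */
size_t buflen_assuming_pointer_size(size_t new_size)
{
    return new_size - sizeof(void *);
}

/* buflen computed from the real header size; 0 if new_size cannot even hold
 * the header, so the subtraction can never wrap around. */
size_t buflen_from_header_size(size_t new_size)
{
    if (new_size < sizeof(struct buf_header))
        return 0;
    return new_size - sizeof(struct buf_header);
}

/* True when the header really is pointer-sized on this platform (the case
 * the ticket says currently holds). */
int header_is_pointer_sized(void)
{
    return sizeof(struct buf_header) == sizeof(void *);
}

/* Would writing buflen bytes after the header stay within the allocation? */
int fill_stays_in_bounds(size_t new_size, size_t buflen)
{
    return sizeof(struct buf_header) + buflen <= new_size;
}

int main(void)
{
    size_t new_size = 64;  /* constructed allocation size */
    size_t wrong = buflen_assuming_pointer_size(new_size);
    size_t right = buflen_from_header_size(new_size);

    printf("sizeof(void *) = %zu, sizeof(header) = %zu\n",
           sizeof(void *), sizeof(struct buf_header));
    printf("buflen via sizeof(void *): %zu, in bounds: %d\n",
           wrong, fill_stays_in_bounds(new_size, wrong));
    printf("buflen via sizeof(header): %zu, in bounds: %d\n",
           right, fill_stays_in_bounds(new_size, right));
    return 0;
}
```

On a platform where the header is padded, the first computation reports a buflen whose fill runs past the end of the allocation by exactly the padding; on a platform where the header happens to be pointer-sized the two agree, which is why the assumption goes unnoticed until the header layout changes.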