mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-09-14 13:32:23 +00:00
Kernel: Don't overrun the buffer in krealloc()
The allocation_size_in_chunks field contains the bytes necessary for the AllocationHeader so we need to subtract that when we try to figure out how much user data we have to copy. Fixes #7549.
This commit is contained in:
parent
e2989424c7
commit
77f9f442d8
Notes:
sideshowbarker
2024-07-18 17:13:53 +09:00
Author: https://github.com/gunnarbeutner
Commit: 77f9f442d8
Pull-request: https://github.com/SerenityOS/serenity/pull/7553
Issue: https://github.com/SerenityOS/serenity/issues/7549
Reviewed-by: https://github.com/bgianfo ✅
1 changed files with 1 additions and 1 deletions
|
@ -113,7 +113,7 @@ public:
|
|||
VERIFY((u8*)a >= m_chunks && (u8*)ptr < m_chunks + m_total_chunks * CHUNK_SIZE);
|
||||
VERIFY((u8*)a + a->allocation_size_in_chunks * CHUNK_SIZE <= m_chunks + m_total_chunks * CHUNK_SIZE);
|
||||
|
||||
size_t old_size = a->allocation_size_in_chunks * CHUNK_SIZE;
|
||||
size_t old_size = a->allocation_size_in_chunks * CHUNK_SIZE - sizeof(AllocationHeader);
|
||||
|
||||
if (old_size == new_size)
|
||||
return ptr;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue