Ticket #6312: slab-ReturnObjectToSlab-protect-from-wrong-freed-object-v1.patch
File slab-ReturnObjectToSlab-protect-from-wrong-freed-object-v1.patch, 816 bytes (added by , 14 years ago)
src/system/kernel/slab/ObjectCache.cpp
202 202 } 203 203 204 204 ParanoiaChecker _(source); 205 uint8* data = (uint8*) object; 206 if (data < source->pages 207 || data >= (uint8*) source->pages + source->size * object_size) { 208 panic("object_cache: free'd object does not belong to slab"); 209 } 205 210 211 intptr_t objectOffset = data - source->offset - (uint8*) source->pages; 212 if (objectOffset % object_size != 0) { 213 panic("object_cache: returning a wrong pointer to a slab object"); 214 } 215 206 216 object_link* link = object_to_link(object, object_size); 207 217 208 218 TRACE_CACHE(this, "returning %p (%p) to %p, %lu used (%lu empty slabs).",
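Review bot: the range check at new lines 206-207 ignores `source->offset`, while the alignment check at line 211 subtracts it, so the two checks disagree about where the first object starts. With a non-zero offset, a pointer in [pages, pages + offset) passes the first check and gives a negative `objectOffset`, and a valid last object can fail the upper bound once the offset reaches `object_size`. Suggest computing the base once, e.g. `uint8* base = (uint8*) source->pages + source->offset;`, testing `data < base || data >= base + source->size * object_size`, and then using `(data - base) % object_size` for the alignment check. Doing the range check against `base` first also guarantees the offset is non-negative before the `%`, which matters if `object_size` is an unsigned type. Minor: `source->pages` is cast to `uint8*` in the upper bound but not in the `data < source->pages` comparison; cast in both places for consistency. The two panic messages would also be more useful for debugging if they printed the offending pointer and the slab address.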