avoid undefined clz and shift in edge cases

This is triggered when get_large_size_class is called with a size in the range [1,4]. This can occur with aligned_alloc(8192, size). In practice, it doesn't appear to cause any harm, but we shouldn't have any undefined behavior for well-defined usage of the API. It also occurs if the caller passes a pointer outside the slab region to free_sized but the expected size is in the range [1,4]. That usage of free_sized is already going to be considered undefined, but we should avoid undefined behavior in the caller from triggering more undefined behavior when it's avoidable.
GrapheneOS · Feb 16, 2021 · 29b0964 · 29b0964
1 parent 1984cb3
commit 29b0964
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/h_malloc.c b/h_malloc.c
@@ -1178,6 +1178,7 @@ static size_t get_large_size_class(size_t size) {
         // 512 KiB [2560 KiB, 3 MiB, 3584 KiB, 4 MiB]
         // 1 MiB [5 MiB, 6 MiB, 7 MiB, 8 MiB]
         // etc.
+        size = max(size, PAGE_SIZE);
         size_t spacing_shift = 64 - __builtin_clzl(size - 1) - 3;
         size_t spacing_class = 1ULL << spacing_shift;
         return (size + (spacing_class - 1)) & ~(spacing_class - 1);