authordaan <daanl@outlook.com>2019-11-21 15:21:23 -0800
committerdaan <daanl@outlook.com>2019-11-21 15:21:23 -0800
commit74dbfc30bebc2e7e48e88edf3cf66b35c057b16f (patch)
tree6314a58d57ec36272711cf99eee18823503d394d /src/alloc.c
parent1674d551ffe5dfffd978737786fe8f94ec7b258c (diff)
improved security by encoding NULL values; double free mitigation on by default; more precise free list corruption detection
Diffstat (limited to 'src/alloc.c')
-rw-r--r--src/alloc.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/alloc.c b/src/alloc.c
index c486311..e68b48d 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -157,7 +157,7 @@ static mi_decl_noinline bool mi_check_is_double_freex(const mi_page_t* page, con
}
static inline bool mi_check_is_double_free(const mi_page_t* page, const mi_block_t* block) {
- mi_block_t* n = mi_block_nextx(page->cookie, block); // pretend it is freed, and get the decoded first field
+ mi_block_t* n = mi_block_nextx(page, block, page->cookie); // pretend it is freed, and get the decoded first field
if (((uintptr_t)n & (MI_INTPTR_SIZE-1))==0 && // quick check: aligned pointer?
(n==NULL || mi_is_in_same_segment(block, n))) // quick check: in same segment or NULL?
{
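Review bot: The quick check in `mi_check_is_double_free` only works for blocks whose first field was encoded with this page's key, because it decodes with `page` and `page->cookie`, while the `_mi_free_block_mt` hunk below writes the same field with `heap` and `heap->cookie`. If those two pairs differ (their definitions are outside this diff), a block on `heap->thread_delayed_free` decodes here to an unrelated value. A second free of such a block would then probably fail the aligned/same-segment test and go unreported. Since the commit turns the mitigation on by default, that limit is worth stating next to the decode, for example `// only recognises blocks linked with this page's key; blocks queued on heap->thread_delayed_free use the heap key and are not detected here`. The function body continues past the end of the hunk, so whatever follows the quick check is not visible.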
@@ -242,7 +242,7 @@ static mi_decl_noinline void _mi_free_block_mt(mi_page_t* page, mi_block_t* bloc
mi_block_t* dfree;
do {
dfree = (mi_block_t*)heap->thread_delayed_free;
- mi_block_set_nextx(heap->cookie,block,dfree);
+ mi_block_set_nextx(heap,block,dfree, heap->cookie);
} while (!mi_atomic_cas_ptr_weak(mi_atomic_cast(void*,&heap->thread_delayed_free), block, dfree));
}
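Review bot: In `mi_block_set_nextx(heap,block,dfree, heap->cookie)` the NULL substitute and the key are passed as two independent arguments, so nothing at the call site ties them to the same object. A later edit could pair a sentinel from one structure with a cookie from another, and if the first parameter is an untyped pointer (the prototype is not shown) the compiler would not flag it; the decode would then silently produce a wrong pointer. Consider a comment such as `// encode with (heap, heap->cookie); every reader of thread_delayed_free must decode with the same pair`, or small per-list helpers that take only the heap or the page. The spacing in the argument list is also inconsistent with the other changed call, which reads `(page, block, page->cookie)`. The enclosing function starts and ends outside the hunk.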