|
 |
34ad3a |
From 01a8bf01c6508a4fea8d40371c3049e7a2f7908a Mon Sep 17 00:00:00 2001
|
|
|
34ad3a |
From: Chris Wilson <chris@chris-wilson.co.uk>
|
|
|
34ad3a |
Date: Fri, 15 Mar 2013 09:08:00 +0000
|
|
|
34ad3a |
Subject: [PATCH] mempool: Reduce an assert into an error return for
|
|
|
34ad3a |
get_buddy()
|
|
|
34ad3a |
|
|
|
34ad3a |
If we ask for a buddy that is outside of our allocation that is an
|
|
|
34ad3a |
error that should not happen with a power-of-two allocated zone...
|
|
|
34ad3a |
However, since it has been seen in the wild, we can safely return that
|
|
|
34ad3a |
there is no buddy rather than die in a too-late assert.
|
|
|
34ad3a |
|
|
|
34ad3a |
Reported-by: Anton Eliasson <devel@antoneliasson.se>
|
|
|
34ad3a |
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
|
|
|
34ad3a |
---
|
|
|
34ad3a |
src/cairo-mempool.c | 3 ++-
|
|
|
34ad3a |
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
34ad3a |
|
|
|
34ad3a |
diff --git a/src/cairo-mempool.c b/src/cairo-mempool.c
|
|
|
34ad3a |
index 96e4a62..751ede3 100644
|
|
|
34ad3a |
--- a/src/cairo-mempool.c
|
|
|
34ad3a |
+++ b/src/cairo-mempool.c
|
|
|
34ad3a |
@@ -157,7 +157,8 @@ get_buddy (cairo_mempool_t *pool, size_t offset, int bits)
|
|
|
34ad3a |
{
|
|
|
34ad3a |
struct _cairo_memblock *block;
|
|
|
34ad3a |
|
|
|
34ad3a |
- assert (offset + (1 << bits) <= pool->num_blocks);
|
|
|
34ad3a |
+ if (offset + (1 << bits) >= pool->num_blocks)
|
|
|
34ad3a |
+ return NULL; /* invalid */
|
|
|
34ad3a |
|
|
|
34ad3a |
if (BITTEST (pool, offset + (1 << bits) - 1))
|
|
|
34ad3a |
return NULL; /* buddy is allocated */
|
|
|
34ad3a |
--
|
|
|
34ad3a |
1.8.1.4
|
|
|
34ad3a |
|