Bug fix for buddy allocator #13

Open. Wants to merge 1 commit into base: xv6-riscv-fall19

@eugene536 eugene536 commented May 31, 2020

There are two corner cases that are not handled properly and, as a result, you can get a panic in bd_init.

First minimal example:

```c
int sz = 256;
void *mem = malloc(sz);
bd_init(mem, mem + sz);
```

In bd_initfree, for k = 0 we will have left = 11 and right = 16, but we have only 16 blocks for k = 0 and the maximum allowed index into the array bd_sizes[0].alloc (in function bd_initfree_pair) is 15. Therefore we have an index out of range (but we will never find it with AddressSanitizer), and we will just push the last block to the list and calculate the free space wrongly.

Second example:

```c
int sz = 224;
void *mem = malloc(sz);
bd_init(mem, mem + sz);
```

For k = 1 we will have 8 blocks of size 32 bytes, but the first 6 blocks and the last one will be marked as alloc. In function bd_initfree we will have left = 6 and right = 7; as a result, we will add the sixth block to the free list twice and calculate the free space wrongly.
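
The two corner cases above, as an added C model that is not code from this pull request or from xv6. The `struct level`, `model_*` and `case_*` names are hypothetical, the pair rule (when exactly one of a block and its buddy is allocated, the free one is pushed) is an assumption, and the bitmap for the first case is constructed.

```c
#include <stdbool.h>
#define MAX_BLOCKS 64

/* Constructed model of one size level k (not xv6's own structures). */
struct level {
  int nblk;                /* number of blocks at this size */
  bool alloc[MAX_BLOCKS];  /* stand-in for bd_sizes[k].alloc */
  int pushes[MAX_BLOCKS];  /* times each block went on the free list */
};

/* Assumed pair rule: when exactly one of (bi, buddy) is allocated, the free
   one is pushed. Returns -1 instead of indexing past the bitmap. */
static int model_initfree_pair(struct level *l, int bi) {
  int buddy = (bi % 2 == 0) ? bi + 1 : bi - 1;
  if (bi < 0 || bi >= l->nblk || buddy < 0 || buddy >= l->nblk)
    return -1;
  if (l->alloc[bi] != l->alloc[buddy])
    l->pushes[l->alloc[bi] ? buddy : bi]++;
  return 0;
}

/* Returns 0 = consistent, 1 = index out of range, 2 = block pushed twice. */
int model_check_level(int nblk, const int *allocated, int n, int left, int right) {
  struct level l = { .nblk = nblk };
  for (int i = 0; i < n; i++)
    l.alloc[allocated[i]] = true;
  if (model_initfree_pair(&l, left) < 0 ||
      (right > left && model_initfree_pair(&l, right) < 0))
    return 1;
  for (int i = 0; i < nblk; i++)
    if (l.pushes[i] > 1) return 2;
  return 0;
}

/* First report: 16 blocks at k = 0, left = 11, right = 16. */
int case_first(void) {
  int a[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10};  /* constructed bitmap */
  return model_check_level(16, a, 11, 11, 16);
}

/* Second report: 8 blocks at k = 1, left = 6, right = 7. */
int case_second(void) {
  int a[] = {0, 1, 2, 3, 4, 5, 7};  /* first 6 and the last allocated */
  return model_check_level(8, a, 7, 6, 7);
}

/* Exit status 0 when both reports reproduce in the model. */
int main(void) { return !(case_first() == 1 && case_second() == 2); }
```

In the model, the first case is caught by the range check on `right`, and the second by counting pushes when `left` and `right` are buddies of each other.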
