buflib: fix bug in handle_table_shrink - rockbox - Read-only mirror of https://git.rockbox.org/cgit/rockbox.git/

diff options

author	Aidan MacDonald <amachronic@protonmail.com>	2022-03-28 21:59:43 +0100
committer	Aidan MacDonald <amachronic@protonmail.com>	2022-09-19 15:09:51 -0400
commit	c8365b2bddbdb85a983efcab0485cb8587b90bb2 (patch)
tree	03f91a29a0491a60e24914d4f6561b195d910311 /apps
parent	4d3bf1c446a7d1d2f85d368dfff70fcedfb5e045 (diff)
download	rockbox-c8365b2bddbdb85a983efcab0485cb8587b90bb2.tar.gz rockbox-c8365b2bddbdb85a983efcab0485cb8587b90bb2.zip

buflib: fix bug in handle_table_shrink

The way it iterated over the handle table is unsafe if *every* handle is free, leading to an out of bounds access. This is a contrived example, but the bug can be triggered by making several allocations, freeing them out of order so that the handle table remains uncompacted, and then triggering a compaction using buflib_alloc_maximum(). Change-Id: I879e2f0b223e6ca596769610ac46f4edf1107f5c

Diffstat (limited to 'apps')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: