From e1dbf74f15c0c9dbbf12e3de47824d3ac4e2766f Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Sat, 13 Feb 2021 00:17:28 +0100
Subject: [PATCH] LibJS: Add some basic freelist validation for the GC heap

When using the freelist, we now validate that the entries are actual cell pointers within the current HeapBlock.
---
 Userland/Libraries/LibJS/Heap/HeapBlock.cpp | 2 ++
 Userland/Libraries/LibJS/Heap/HeapBlock.h | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/Userland/Libraries/LibJS/Heap/HeapBlock.cpp b/Userland/Libraries/LibJS/Heap/HeapBlock.cpp
index 27f10a5e92..0341eeb243 100644
--- a/Userland/Libraries/LibJS/Heap/HeapBlock.cpp
+++ b/Userland/Libraries/LibJS/Heap/HeapBlock.cpp
@@ -75,6 +75,8 @@ HeapBlock::HeapBlock(Heap& heap, size_t cell_size)
 void HeapBlock::deallocate(Cell* cell)
 {
+ ASSERT(is_valid_cell_pointer(cell));
+ ASSERT(!m_freelist || is_valid_cell_pointer(m_freelist));
 ASSERT(cell->is_live());
 ASSERT(!cell->is_marked());
 cell->~Cell();
diff --git a/Userland/Libraries/LibJS/Heap/HeapBlock.h b/Userland/Libraries/LibJS/Heap/HeapBlock.h
index f5a3493c57..6cc3e5acb1 100644
--- a/Userland/Libraries/LibJS/Heap/HeapBlock.h
+++ b/Userland/Libraries/LibJS/Heap/HeapBlock.h
@@ -51,6 +51,7 @@ public:
 {
 if (!m_freelist)
 return nullptr;
+ ASSERT(is_valid_cell_pointer(m_freelist));
 return exchange(m_freelist, m_freelist->next);
 }
@@ -80,6 +81,11 @@ public:
 return cell(cell_index);
 }
+ bool is_valid_cell_pointer(const Cell* cell)
+ {
+ return cell_from_possible_pointer((FlatPtr)cell);
+ }
+
 IntrusiveListNode m_list_node;
 private:
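Review bot: The new `ASSERT(is_valid_cell_pointer(cell))` at the top of deallocate() carries no comment saying it must stay ahead of `cell->is_live()` on the next line, which is the first dereference of a caller-supplied pointer; a note such as `// Reject pointers outside this block before reading any cell field (stray pointer or double free).` would keep a later reorder from defeating the check. If ASSERT in this tree is compiled out in NDEBUG-style release builds (not determinable from the hunk), these checks give no protection in shipped binaries, and a check that stays enabled would be preferable for a GC freelist. The second assertion only re-validates the current head; the push of `cell` onto the freelist happens later in deallocate(), whose body continues past the hunk, so the new head is not validated until the next pop.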
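Review bot: The assertion added before `exchange(m_freelist, m_freelist->next)` only proves the head lies inside this block, not that it is a free cell, so a freelist corrupted to point at an allocated cell in the same block would pass and that cell would be handed out a second time. deallocate() asserts `cell->is_live()` on incoming cells, so live tracking appears to be maintained; if free cells are marked not-live when pushed (confirm against the constructor and deallocate(), both outside this hunk), adding `ASSERT(!m_freelist->is_live());` after the new line would catch that case cheaply. The enclosing function starts before the hunk's first line; its signature is not visible here.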
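Review bot: `is_valid_cell_pointer()` accepts any pointer for which `cell_from_possible_pointer()` returns non-null, and if that helper rounds an interior address down to its containing cell (the visible `return cell(cell_index);` suggests an index-based lookup), a freelist entry pointing into the middle of a cell passes the check yet `m_freelist->next` would then be read from a misaligned slot. Comparing the mapped cell back to the input closes that gap, assuming the helper returns the cell pointer at that index: `return cell_from_possible_pointer(reinterpret_cast<FlatPtr>(cell)) == cell;`, which also drops the C-style `(FlatPtr)cell` cast. The function takes a `const Cell*` but is not a `const` member; if `cell_from_possible_pointer()` is const-qualified, mark this one `const` as well. A header comment such as `// True iff the pointer is the start of a cell slot inside this block; used to sanity-check freelist entries.` would document the intent.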