Add stricter double free checking on large allocs (#550)

Although, double frees are generally caught on large allocs. This is done very late in the process after many operations more operations have occurred. This change brings that check much earlier in the process.
microsoft · Sep 2, 2022 · 88a2740 · 88a2740
1 parent f8efcb7
commit 88a2740
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/snmalloc/mem/localalloc.h b/src/snmalloc/mem/localalloc.h
@@ -629,6 +629,7 @@ namespace snmalloc
 
  const PagemapEntry& entry =
  Config::Backend::get_metaentry(address_cast(p_tame));
+
  if (SNMALLOC_LIKELY(local_cache.remote_allocator == entry.get_remote()))
  {
 # if defined(__CHERI_PURE_CAPABILITY__) && defined(SNMALLOC_CHECK_CLIENT)
@@ -647,6 +648,11 @@ namespace snmalloc
 # if defined(__CHERI_PURE_CAPABILITY__) && defined(SNMALLOC_CHECK_CLIENT)
  dealloc_cheri_checks(p_tame.unsafe_ptr());
 # endif
+
+ // Detect double free of large allocations here.
+ snmalloc_check_client(
+ !entry.is_backend_owned(), "Memory corruption detected");
+
  // Check if we have space for the remote deallocation
  if (local_cache.remote_dealloc_cache.reserve_space(entry))
  {