fix C++ sized deallocation check false positive

thestinger · thestinger · commit 52755632528d · 2021-01-06T00:18:59.000-05:00
This is a compatibility issue triggered when both slab canaries and the
C++ allocator overloads providing sized deallocation checks are enabled.

The boundary where slab allocations are turned into large allocations
due to not having room for the canary in the largest slab allocation
size class triggers a false positive in the sized deallocation check.
diff --git a/h_malloc.c b/h_malloc.c
@@ -1552,9 +1552,11 @@ EXPORT void h_free_sized(void *p, size_t expected_size) {
         return;
     }
 
+    expected_size = adjust_size_for_canaries(expected_size);
+
     if (p < get_slab_region_end() && p >= ro.slab_region_start) {
         thread_unseal_metadata();
-        expected_size = get_size_info(adjust_size_for_canaries(expected_size)).size;
+        expected_size = get_size_info(expected_size).size;
         deallocate_small(p, &expected_size);
         thread_seal_metadata();
         return;
