Heap Bug In JamesM's Tutorials

Posted: Tue Mar 10, 2009 3:17 pm
by Creature
Hello,

I just wanted to say this for other developers using JamesM's tutorials. I'm not sure but, isn't this piece of code:

Code:

    if ((u32int)hole_footer < heap->end_address)
    {
        hole_footer->magic = HEAP_MAGIC;
        hole_footer->header = hole_header;
    }

In chapter 7 (7.4.2.2. Allocation) supposed to be this:

Code:

    if (((u32int)hole_footer + sizeof(footer_t)) < heap->end_address)
    {
        hole_footer->magic = HEAP_MAGIC;
        hole_footer->header = hole_header;
    }

Because JamesM checks if writing the footer of the hole will go past the ending address of the heap, but if the starting address of the hole footer is just before the ending address, but the structure's size reaches beyond the ending address, a page-fault will/might occur. So I think this is a bug.

Can you give me any feedback on this (I'm not really a guru in heap-related things).

Re: Heap Bug In JamesM's Tutorials

Posted: Tue Mar 10, 2009 4:18 pm
by JamesM
Probably a valid bug, I'll have another look when I'm not drunk!

Re: Heap Bug In JamesM's Tutorials

Posted: Wed Mar 11, 2009 2:37 am
by AJ
Hi,

From what you say it looks valid, but that operator would also need to change from '<' to '<=', because for the last entry, hole_footer + sizeof(footer_t) will equal heap->end_address.

Cheers,
Adam

Re: Heap Bug In JamesM's Tutorials

Posted: Wed Mar 11, 2009 5:51 am
by Creature
AJ wrote:
Hi,

From what you say it looks valid, but that operator would also need to change from '<' to '<=', because for the last entry, hole_footer + sizeof(footer_t) will equal heap->end_address.

Cheers,
Adam
True, otherwise it won't be written if it still ends at the end-address, while it should.
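An added example, not code from the tutorial or from anyone in this thread, that puts the original check and the corrected `<=` check side by side in a simulated heap. A guard region after end_address stands in for the unmapped page; HEAP_MAGIC is the tutorial's value, the footer's header field is stored as a 32-bit address so sizeof(footer_t) is 8 on any host, and the arena sizes and the 0x1 header value are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t u32int;
#define HEAP_MAGIC 0x123890AB   /* value used by the tutorial */

/* Footer layout as in the tutorial; header kept as a 32-bit address so sizeof is 8 everywhere. */
typedef struct { u32int magic; u32int header; } footer_t;
typedef struct { u32int start_address; u32int end_address; } heap_t;

/* Original tutorial check: only the footer's first byte is compared with end_address. */
int footer_fits_original(u32int hole_footer, const heap_t *heap)
{
    return hole_footer < heap->end_address;
}

/* Check as corrected in the thread: the whole footer must end at or before end_address. */
int footer_fits_fixed(u32int hole_footer, const heap_t *heap)
{
    return hole_footer + sizeof(footer_t) <= heap->end_address;
}

#define HEAP_SIZE 64u
#define GUARD     16u
/* Simulated heap: HEAP_SIZE bytes followed by a guard region standing in for the unmapped page. */
static unsigned char arena[HEAP_SIZE + GUARD];

/* Write a footer at byte offset `off` of the simulated heap if the chosen check allows it.
   Returns how many footer bytes landed past end_address (0 if refused or if it fit). */
u32int footer_overrun(u32int off, int use_fixed_check)
{
    heap_t heap = { 0, HEAP_SIZE };
    footer_t f = { HEAP_MAGIC, 0x1 };      /* constructed header value; no byte equals 0xAA */
    memset(arena, 0xAA, sizeof arena);
    int ok = use_fixed_check ? footer_fits_fixed(off, &heap) : footer_fits_original(off, &heap);
    if (!ok)
        return 0;
    memcpy(arena + off, &f, sizeof f);     /* on real hardware the bytes past end_address fault */
    u32int spilled = 0;
    for (u32int i = HEAP_SIZE; i < HEAP_SIZE + GUARD; i++)
        if (arena[i] != 0xAA)
            spilled++;
    return spilled;
}

int main(void)
{
    for (u32int off = HEAP_SIZE - 8; off <= HEAP_SIZE; off++)
        printf("footer at end-%u: original check spills %u byte(s), fixed check spills %u\n",
               (unsigned)(HEAP_SIZE - off), (unsigned)footer_overrun(off, 0), (unsigned)footer_overrun(off, 1));
    return 0;
}
```

The last footer that legitimately fits starts exactly at end_address - sizeof(footer_t), which is why the corrected comparison has to be `<=` rather than `<`.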