AK: Take the bump-allocated chunk header into account in destroy_all()

Previously we allowed the end_offset to be larger than the chunk itself, which made it so that certain input sizes would make the logic attempt to delete a nonexistent object. Fixes #16308.
Author: https://github.com/alimpfard Commit: https://github.com/SerenityOS/serenity/commit/c500647eee Pull-request: https://github.com/SerenityOS/serenity/pull/16314 Issue: https://github.com/SerenityOS/serenity/issues/16308
2024-09-29 08:11:13 +00:00 · 2022-12-05 00:13:47 +03:30 · 2022-12-05 00:13:47 +03:30 · c500647eee · 2024-07-17 03:43:04 +09:00
parent 57dc179b1f
commit c500647eee
1 changed files with 1 additions and 1 deletions
--- a/AK/BumpAllocator.h
+++ b/AK/BumpAllocator.h
@ -181,7 +181,7 @@ public:
        this->for_each_chunk([&](auto chunk) {
            auto base_ptr = align_up_to(chunk + sizeof(typename Allocator::ChunkHeader), alignof(T));
            // Compute the offset of the first byte *after* this chunk:
-            FlatPtr end_offset = base_ptr + this->m_chunk_size - chunk;
+            FlatPtr end_offset = base_ptr + this->m_chunk_size - chunk - sizeof(typename Allocator::ChunkHeader);
            if (chunk == this->m_current_chunk)
                end_offset = this->m_byte_offset_into_current_chunk;
            // Compute the offset of the first byte *after* the last valid object, in case the end of the chunk does not align with the end of an object: