[Webkit-unassigned] [Bug 231917] New: [bmalloc] Heap.shrinkLarge() allocates non-aligned region

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Oct 18 16:02:12 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=231917

            Bug ID: 231917
           Summary: [bmalloc] Heap.shrinkLarge() allocates non-aligned
                    region
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: bmalloc
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Basuke.Suzuki at sony.com
                CC: ggaren at apple.com

Because the newly allocated region is not aligned well, an unaligned region will be returned to LargeFree while splitAndAllocate() is called. Those regions won't match any request to LargeFree until the neighbor region is returned to LargeFree and gets merged with that.

1. Allocate a 40k memory region A. Both start and end are aligned on a 4k boundary.
2. realloc A to 36k + 1. shrinkLarge tries to split it at that size into B (36k + 1) and C (4k - 1).
3. B's end is not aligned, but there's no practical issue.
4. On the other hand, C's start address is not aligned and sits in the LargeFree. It won't fit any request because it's not aligned.
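
As an added illustration of the split described above (a constructed model, not bmalloc's code; the 4 KiB page size and the `shrink_naive`, `shrink_page_aligned` and `can_serve_aligned` names are assumptions), this C program reproduces the unaligned tail C and contrasts it with a split that rounds up to the page boundary. It also runs the more general case where the rounded split leaves an aligned tail that the free list can still use.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the report's scenario, not bmalloc code.
   Assumes a 4 KiB page and a free list that only hands out page-aligned starts. */
#define PAGE_SIZE 4096u

typedef struct { uintptr_t begin; uintptr_t end; } Range;

static uintptr_t round_up(uintptr_t v, uintptr_t a) { return (v + a - 1) & ~(a - 1); }
static bool is_page_aligned(uintptr_t v) { return (v & (PAGE_SIZE - 1)) == 0; }

/* Naive shrink: split A exactly at begin + new_size (B is kept, the tail C is freed). */
static Range shrink_naive(Range a, size_t new_size, Range *kept) {
    kept->begin = a.begin;
    kept->end = a.begin + new_size;
    Range freed = { kept->end, a.end };
    return freed;
}

/* Page-aligned shrink: round the split point up to the next page boundary, so the
   freed tail (if any) starts aligned. A trailing partial page stays with B. */
static Range shrink_page_aligned(Range a, size_t new_size, Range *kept) {
    uintptr_t split = round_up(a.begin + new_size, PAGE_SIZE);
    if (split > a.end) split = a.end;
    kept->begin = a.begin;
    kept->end = split;
    Range freed = { split, a.end };
    return freed;
}

/* Can a free entry satisfy a page-aligned request of `size` bytes? */
static bool can_serve_aligned(Range f, size_t size) {
    uintptr_t start = round_up(f.begin, PAGE_SIZE);
    return start < f.end && start + size <= f.end;
}

int main(void) {
    Range a = { 0x10000, 0x10000 + 40 * 1024 };  /* 40k region A, both ends aligned */
    Range kept, c = shrink_naive(a, 36 * 1024 + 1, &kept);
    printf("naive: C=[%#lx,%#lx) aligned=%d serves 4k=%d\n", (unsigned long)c.begin,
           (unsigned long)c.end, is_page_aligned(c.begin), can_serve_aligned(c, 4096));
    c = shrink_page_aligned(a, 36 * 1024 + 1, &kept);
    printf("aligned: C=[%#lx,%#lx) (empty=%d), B keeps %lu bytes\n", (unsigned long)c.begin,
           (unsigned long)c.end, c.begin == c.end, (unsigned long)(kept.end - kept.begin));
    return 0;
}
```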
