libdtrace: Fix an off-by-one in the priority queue implementation
The zero'th index in the array is unused, so a priority queue of N elements needs N+1 array slots. Fix the allocation. Also fix the assertion in dt_pq_insert(): the assertion needs to be checked after incrementing the count of items in the priority queue, otherwise it can miss an overflow. Reported by: CHERI MFC after: 2 weeks Sponsored by: Innovate UK Differential Revision: https://reviews.freebsd.org/D49242
@@ -37,7 +37,7 @@ dt_pq_init(dtrace_hdl_t *dtp, uint_t size, dt_pq_value_f value_cb, void *cb_arg)
|
||||
if ((p = dt_zalloc(dtp, sizeof (dt_pq_t))) == NULL)
|
||||
return (NULL);
|
||||
|
||||
p->dtpq_items = dt_zalloc(dtp, size * sizeof (p->dtpq_items[0]));
|
||||
p->dtpq_items = dt_zalloc(dtp, (size + 1) * sizeof (p->dtpq_items[0]));
|
||||
if (p->dtpq_items == NULL) {
|
||||
dt_free(dtp, p);
|
||||
return (NULL);
|
||||
@@ -73,9 +73,9 @@ dt_pq_insert(dt_pq_t *p, void *item)
|
||||
{
|
||||
uint_t i;
|
||||
|
||||
assert(p->dtpq_last < p->dtpq_size);
|
||||
|
||||
i = p->dtpq_last++;
|
||||
assert(i <= p->dtpq_size);
|
||||
|
||||
p->dtpq_items[i] = item;
|
||||
|
||||
while (i > 1 && dt_pq_getvalue(p, i) < dt_pq_getvalue(p, i / 2)) {
|
||||
|
||||
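Review bot: In dt_pq_insert() the only guard before the store `p->dtpq_items[i] = item;` is `assert(i <= p->dtpq_size);`, which compiles away when NDEBUG is defined, so a caller that inserts more than dtpq_size items would write past the `size + 1` slots allocated in dt_pq_init(). If libdtrace can be built that way (not visible on this page), an explicit check such as `if (p->dtpq_last > p->dtpq_size) abort();` ahead of the increment would keep the bound in release builds; the function's return type is outside the hunk, so an error return may or may not be an option. In dt_pq_init(), `(size + 1)` is evaluated in uint_t and wraps to 0 when `size == UINT_MAX`, so a range check on `size`, or a comment stating the caller's limit, would be worth adding there. Both function bodies continue outside the hunks shown.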