erase existence of a buffer when it's sent out of the pool
In some complex scenario, the buffer would be freed because it's too large, another buffer would be allocated, but fail, trigger an error, and the general buffer pool would then be freed, where the definition of the already freed buffer would be found (beyond total index, but still), and freed again, resulting in double-free error.
This commit is contained in:
parent
e963800e27
commit
1416bc0f07
@ -155,6 +155,7 @@ static buffer_t ZSTDMT_getBuffer(ZSTDMT_bufferPool* bufPool)
|
||||
if (bufPool->nbBuffers) { /* try to use an existing buffer */
|
||||
buffer_t const buf = bufPool->bTable[--(bufPool->nbBuffers)];
|
||||
size_t const availBufferSize = buf.size;
|
||||
bufPool->bTable[bufPool->nbBuffers] = g_nullBuffer;
|
||||
if ((availBufferSize >= bSize) & (availBufferSize <= 10*bSize)) {
|
||||
/* large enough, but not too much */
|
||||
ZSTD_pthread_mutex_unlock(&bufPool->poolMutex);
|
||||
|
Loading…
Reference in New Issue
Block a user