dde_linux: fix possible memory leak in wait queue implementation

Fixes #4006
2025-04-12 13:48:30 +00:00 · 2021-02-01 05:46:08 +01:00 · 2021-02-01 05:46:08 +01:00 · e1698cf200
commit e1698cf200
parent 2670ae399b
2 changed files with 11 additions and 1 deletions
--- a/repos/dde_linux/src/include/lx_emul/impl/completion.h
+++ b/repos/dde_linux/src/include/lx_emul/impl/completion.h
@ -21,7 +21,9 @@ typedef Lx::Task::List         Wait_list;

 void init_waitqueue_head(wait_queue_head_t *wq)
 {
-	wq->list = new (&Lx_kit::env().heap()) Wait_list;
+	static_assert(sizeof(wq->wait_list_reserved) >= sizeof(Wait_list));
+	Genode::construct_at<Wait_list>(wq->wait_list_reserved);
+	wq->list = &wq->wait_list_reserved;
 }

 void add_wait_queue(wait_queue_head_t *q, wait_queue_entry_t *wait)
--- a/repos/dde_linux/src/include/lx_emul/work.h
+++ b/repos/dde_linux/src/include/lx_emul/work.h
@ -151,6 +151,14 @@ typedef int (*wait_queue_func_t)(wait_queue_entry_t *, unsigned, int, void *);
 typedef struct wait_queue_head {
 	spinlock_t  lock;
 	void       *list;
+	/*
+	 * Reserve memory for a 'Wait_list' object, which needs to be
+	 * freed together with the 'wait_queue_head_t' object.
+	 *
+	 * This implementation relies on the currently given fact that
+	 * 'Wait_list' does not need to have a destructor called.
+	 */
+	char        wait_list_reserved[8];
 } wait_queue_head_t;
 struct wait_queue_entry {
 	unsigned int		flags;