Access of memory past the end of a memory buffer

In the API [malloc_ex()](https://github.com/emeryberger/Malloc-Implementations/blob/master/allocators/TLSF/TLSF-2.4.6/src/tlsf.c#L751) [free_ex()](https://github.com/emeryberger/Malloc-Implementations/blob/master/allocators/TLSF/TLSF-2.4.6/src/tlsf.c#L834) [realloc_ex()](https://github.com/emeryberger/Malloc-Implementations/blob/master/allocators/TLSF/TLSF-2.4.6/src/tlsf.c#L907) taking address with `&tlsf->fl_bitmap` yields a singleton pointer and passing `&tlsf->fl_bitmap` to function [set_bit](url) which uses it as an array. This might corrupt or misinterpret adjacent memory locations. Out-of-bounds access that memory not owned by this buffer will be accessed, causing memory corruption or incorrect computations.

#https://github.com/ros2/tlsf/issues/5

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Access of memory past the end of a memory buffer #2

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Access of memory past the end of a memory buffer #2

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions