From 70b9a8b0cb736c0dd0af6102bc97f0b9711de2b6 Mon Sep 17 00:00:00 2001
From: Matthew Parkinson
Date: Wed, 10 Aug 2022 17:00:00 +0100
Subject: [PATCH] Add stricter double free checking on large allocs

Although, double frees are generally caught on large allocs. This is done very late in the process after many operations more operations have occurred. This change brings that check much earlier in the process.
---
 src/snmalloc/mem/localalloc.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/snmalloc/mem/localalloc.h b/src/snmalloc/mem/localalloc.h
index 592625eb5..973b4d9e2 100644
--- a/src/snmalloc/mem/localalloc.h
+++ b/src/snmalloc/mem/localalloc.h
@@ -629,6 +629,7 @@ namespace snmalloc
 const PagemapEntry& entry = Config::Backend::get_metaentry(address_cast(p_tame));
+
 if (SNMALLOC_LIKELY(local_cache.remote_allocator == entry.get_remote()))
 {
 # if defined(__CHERI_PURE_CAPABILITY__) && defined(SNMALLOC_CHECK_CLIENT)
@@ -647,6 +648,11 @@ namespace snmalloc
 # if defined(__CHERI_PURE_CAPABILITY__) && defined(SNMALLOC_CHECK_CLIENT)
 dealloc_cheri_checks(p_tame.unsafe_ptr());
 # endif
+
+ // Detect double free of large allocations here.
+ snmalloc_check_client(
+ !entry.is_backend_owned(), "Memory corruption detected");
+
 // Check if we have space for the remote deallocation
 if (local_cache.remote_dealloc_cache.reserve_space(entry))
 {
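Review bot: The new `snmalloc_check_client(!entry.is_backend_owned(), "Memory corruption detected");` in the second hunk guards only the remote-deallocation path below the `local_cache.remote_allocator == entry.get_remote()` fast-path branch, so if a backend-owned entry can still compare equal to the local remote allocator (not visible here) a double free of a locally owned large allocation would bypass the check; hoisting it to immediately after `get_metaentry`, where the first hunk inserts only a blank line, would cover both paths with the same one-line call. If `snmalloc_check_client` compiles to nothing without `SNMALLOC_CHECK_CLIENT`, as its name suggests, the commit message should say that non-checked builds still rely on the late detection it describes. The generic `"Memory corruption detected"` text matches the file's other checks but hides that this is a double-free diagnosis, so the comment should state the invariant being relied on, e.g. `// A backend-owned entry means the chunk was already handed back to the backend, i.e. this pointer was freed before (assumes the backend marks entries on release).` The enclosing function starts before the first hunk and ends after this one.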