Fix disjoint_pool_free() and proxy_free()

ldorau · ldorau · commit 32175d98e2cb · 2025-03-05T15:23:48.000+01:00
Fix disjoint_pool_free() and proxy_free() - error out
on pool mismatch, when we try to free the pointer
belonging to a different pool.

Signed-off-by: Lukasz Dorau &lt;lukasz.dorau@intel.com&gt;
diff --git a/src/memory_pool.c b/src/memory_pool.c
@@ -208,3 +208,10 @@ umf_result_t umfPoolGetTag(umf_memory_pool_handle_t hPool, void **tag) {
     utils_mutex_unlock(&hPool->lock);
     return UMF_RESULT_SUCCESS;
 }
+
+void *umfPoolGetPoolPriv(umf_memory_pool_handle_t hPool) {
+    if (hPool == NULL) {
+        return NULL;
+    }
+    return hPool->pool_priv;
+}
diff --git a/src/memory_pool_internal.h b/src/memory_pool_internal.h
@@ -36,6 +36,8 @@ typedef struct umf_memory_pool_t {
     void *tag;
 } umf_memory_pool_t;
 
+void *umfPoolGetPoolPriv(umf_memory_pool_handle_t hPool);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/pool/pool_disjoint.c b/src/pool/pool_disjoint.c
@@ -17,6 +17,7 @@
 #include <umf/memory_provider.h>
 
 #include "base_alloc_global.h"
+#include "memory_pool_internal.h"
 #include "pool_disjoint_internal.h"
 #include "provider/provider_tracking.h"
 #include "uthash/utlist.h"
@@ -819,6 +820,11 @@ umf_result_t disjoint_pool_free(void *pool, void *ptr) {
             return ret;
         }
 
+        if (pool != umfPoolGetPoolPriv(allocInfo.pool)) {
+            LOG_ERR("pool mismatch");
+            return UMF_RESULT_ERROR_INVALID_ARGUMENT;
+        }
+
         size_t size = allocInfo.baseSize;
         umf_memory_provider_handle_t provider = disjoint_pool->provider;
         ret = umfMemoryProviderFree(provider, ptr, size);
diff --git a/src/pool/pool_proxy.c b/src/pool/pool_proxy.c
@@ -13,8 +13,10 @@
 #include <assert.h>
 
 #include "base_alloc_global.h"
+#include "memory_pool_internal.h"
 #include "provider/provider_tracking.h"
 #include "utils_common.h"
+#include "utils_log.h"
 
 static __TLS umf_result_t TLS_last_allocation_error;
 
@@ -100,6 +102,11 @@ static umf_result_t proxy_free(void *pool, void *ptr) {
         umf_alloc_info_t allocInfo = {NULL, 0, NULL};
         umf_result_t umf_result = umfMemoryTrackerGetAllocInfo(ptr, &allocInfo);
         if (umf_result == UMF_RESULT_SUCCESS) {
+            if (pool != umfPoolGetPoolPriv(allocInfo.pool)) {
+                LOG_ERR("pool mismatch");
+                return UMF_RESULT_ERROR_INVALID_ARGUMENT;
+            }
+
             size = allocInfo.baseSize;
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,8 @@ typedef struct umf_memory_pool_t {`
`36`	`36`	`void *tag;`
`37`	`37`	`} umf_memory_pool_t;`
`38`	`38`
	`39`	`+void *umfPoolGetPoolPriv(umf_memory_pool_handle_t hPool);`
	`40`	`+`
`39`	`41`	`#ifdef __cplusplus`
`40`	`42`	`}`
`41`	`43`	`#endif`