From 41430a366f75eb7301deaca91d4aea3bbf61c8ec Mon Sep 17 00:00:00 2001
From: Erik Arvstedt
Date: Mon, 12 Jun 2023 22:21:29 +0200
Subject: [PATCH] arena_allocator/reset: fix buffer overrun

Previously, the buffer reserved with `retain_with_limit` was missing space for the `BufNode`. When the user-provided a limit that was smaller than `@sizeOf(BufNode)`, `reset` would store a new `BufNode` in an allocation smaller than `BufNode`, leading to a buffer overrun.
---
 lib/std/heap/arena_allocator.zig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/std/heap/arena_allocator.zig b/lib/std/heap/arena_allocator.zig
index 9489bbb449..6f32b818d4 100644
--- a/lib/std/heap/arena_allocator.zig
+++ b/lib/std/heap/arena_allocator.zig
@@ -120,7 +120,7 @@ pub const ArenaAllocator = struct {
 }
 const total_size = switch (mode) {
 .retain_capacity => current_capacity,
- .retain_with_limit => |limit| std.math.min(limit, current_capacity),
+ .retain_with_limit => |limit| std.math.min(@sizeOf(BufNode) + limit, current_capacity),
 .free_all => unreachable,
 };
 const align_bits = std.math.log2_int(usize, @alignOf(BufNode));
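Review bot: The added `@sizeOf(BufNode) + limit` on the `+` line can overflow when a caller passes a limit close to `std.math.maxInt(usize)`: in safe builds that is a panic inside `reset`, and in ReleaseFast the wrapped sum is small, so `std.math.min` picks it over `current_capacity` and the undersized `BufNode` allocation this commit fixes comes back. A saturating add keeps the intent, since a saturated sum is then clamped by `current_capacity` anyway: `.retain_with_limit => |limit| std.math.min(@sizeOf(BufNode) +| limit, current_capacity),`. A test that calls `reset` with `.{ .retain_with_limit = std.math.maxInt(usize) }` would pin this boundary alongside the small-limit case the commit message describes. The enclosing `reset` function starts and ends outside the hunk.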