From f3f75ba3dac5acc554b8aaded124c96b2a2c420b Mon Sep 17 00:00:00 2001 From: "Moe Charm (CI)" Date: Wed, 3 Dec 2025 15:30:28 +0900 Subject: [PATCH] Fix magazine spill RAW pointer type conversion for Headerless mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Problem: bulk_mag_to_sll_if_room() was passing raw pointers directly to tls_sll_push() without HAK_BASE_FROM_RAW() conversion, causing memory corruption in Headerless mode where pointer arithmetic expectations differ. Solution: Add HAK_BASE_FROM_RAW() wrapper before passing to tls_sll_push() Verification: - cfrac: PASS (Headerless ON/OFF) - sh8bench: PASS (Headerless ON/OFF) - No regressions in existing tests 🤖 Generated with Claude Code Co-Authored-By: Claude
---
 core/hakmem_tiny_refill.inc.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/core/hakmem_tiny_refill.inc.h b/core/hakmem_tiny_refill.inc.h
index 78f52127..cbf7c28e 100644
--- a/core/hakmem_tiny_refill.inc.h
+++ b/core/hakmem_tiny_refill.inc.h
@@ -225,7 +225,8 @@ static inline int bulk_mag_to_sll_if_room(int class_idx, TinyTLSMag* mag, int n)
 int pushed = 0;
 for (int i = 0; i < take; i++) {
 void* p = mag->items[--mag->top].ptr;
- if (!tls_sll_push(class_idx, p, cap)) {
+ hak_base_ptr_t base_p = HAK_BASE_FROM_RAW(p);
+ if (!tls_sll_push(class_idx, base_p, cap)) {
 mag->top++; // rollback last
 break;
 }
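Review bot: The new `HAK_BASE_FROM_RAW(p)` line in the spill loop is only correct if `mag->items[].ptr` holds a block base address rather than a user pointer, and nothing in the hunk states or checks that; because a wrong value here is linked straight into the TLS free list, the assumption should be written down. I would add a comment above the conversion such as `/* magazine slots store block base addresses (not user pointers); wrap for tls_sll_push() */`, after confirming it against the code that fills the magazine. The old call passed a plain `void*` and presumably compiled, which suggests `hak_base_ptr_t` is not a distinct type in at least one build configuration, so the compiler will not reject the same mistake at other `tls_sll_push()` call sites; those are worth auditing. The body of `bulk_mag_to_sll_if_room()` starts before and continues after this hunk, so the rest of the loop is not visible here.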