This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

GNU C Library master sources branch master updated. glibc-2.20-344-g9173840


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  9173840b4dbcd1a76993f22fd9595f0ae30d5a42 (commit)
      from  78e21c5df674e037d06e86c5d4cb95818c8f6b8c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9173840b4dbcd1a76993f22fd9595f0ae30d5a42

commit 9173840b4dbcd1a76993f22fd9595f0ae30d5a42
Author: James Lemke <jwlemke@codesourcery.com>
Date:   Thu Dec 11 16:38:15 2014 -0800

    Fix for test "malloc_usable_size: expected 7 but got 11"
    
    [BZ #17581] Revert this fix while investigating a problem.

diff --git a/ChangeLog b/ChangeLog
index 5f12d13..53995f9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2014-12-11  James Lemke  <jwlemke@codesourcery.com>
+
+	[BZ #17581]
+	* malloc/hooks.c
+	(mem2mem_check): Revert my previous change.
+	(malloc_check_get_size): Revert my previous change.
+	(mem2chunk_check): Revert my previous change.
+
 2014-12-11  Roland McGrath  <roland@hack.frob.com>
 
 	* sysdeps/posix/shm-directory.c: New file.
diff --git a/malloc/hooks.c b/malloc/hooks.c
index 996111a..00ee6be 100644
--- a/malloc/hooks.c
+++ b/malloc/hooks.c
@@ -90,35 +90,31 @@ __malloc_check_init (void)
 
 #define MAGICBYTE(p) ((((size_t) p >> 3) ^ ((size_t) p >> 11)) & 0xFF)
 
-/* Visualize the chunk as being partitioned into blocks of 255 bytes from the
-   highest address of the chunk, downwards.  The end of each block tells us
-   the size of that block, up to the actual size of the requested memory.
-   The last block has a length of zero and is followed by the magic byte.
-   Our magic byte is right at the end of the requested size.  If we don't
-   reach it with this iteration we have witnessed a memory corruption.  */
+/* Visualize the chunk as being partitioned into blocks of 256 bytes from the
+   highest address of the chunk, downwards.  The beginning of each block tells
+   us the size of the previous block, up to the actual size of the requested
+   memory.  Our magic byte is right at the end of the requested size, so we
+   must reach it with this iteration, otherwise we have witnessed a memory
+   corruption.  */
 static size_t
 malloc_check_get_size (mchunkptr p)
 {
-  size_t total_sz, size;
+  size_t size;
   unsigned char c;
   unsigned char magic = MAGICBYTE (p);
 
   assert (using_malloc_checking == 1);
 
-  /* Validate the length-byte chain.  */
-  total_sz = chunksize (p) + (chunk_is_mmapped (p) ? 0 : SIZE_SZ);
-  for (size = total_sz - 1;
-       (c = ((unsigned char *) p)[size]) != 0;
+  for (size = chunksize (p) - 1 + (chunk_is_mmapped (p) ? 0 : SIZE_SZ);
+       (c = ((unsigned char *) p)[size]) != magic;
        size -= c)
     {
-      if (size <= c + 2 * SIZE_SZ)
-	break;
-    }
-  if (c != 0 || ((unsigned char *) p)[--size] != magic)
-    {
-      malloc_printerr (check_action, "malloc_check_get_size: memory corruption",
-		       chunk2mem (p));
-      return 0;
+      if (c <= 0 || size < (c + 2 * SIZE_SZ))
+        {
+          malloc_printerr (check_action, "malloc_check_get_size: memory corruption",
+                           chunk2mem (p));
+          return 0;
+        }
     }
 
   /* chunk2mem size.  */
@@ -134,24 +130,22 @@ mem2mem_check (void *ptr, size_t sz)
 {
   mchunkptr p;
   unsigned char *m_ptr = ptr;
-  size_t user_sz, block_sz, i;
+  size_t i;
 
   if (!ptr)
     return ptr;
 
   p = mem2chunk (ptr);
-  user_sz = chunksize (p) + (chunk_is_mmapped (p) ? 0 : SIZE_SZ);
-  user_sz -= 2 * SIZE_SZ;
-  for (i = user_sz - 1; i > sz; i -= block_sz)
+  for (i = chunksize (p) - (chunk_is_mmapped (p) ? 2 * SIZE_SZ + 1 : SIZE_SZ + 1);
+       i > sz;
+       i -= 0xFF)
     {
-      block_sz = i - (sz + 1);
-      if (block_sz > 0xff)
-	block_sz = 0xff;
-
-      m_ptr[i] = (unsigned char) block_sz;
-
-      if (block_sz == 0)
-	break;
+      if (i - sz < 0x100)
+        {
+          m_ptr[i] = (unsigned char) (i - sz);
+          break;
+        }
+      m_ptr[i] = 0xFF;
     }
   m_ptr[sz] = MAGICBYTE (p);
   return (void *) m_ptr;
@@ -172,12 +166,11 @@ mem2chunk_check (void *mem, unsigned char **magic_p)
     return NULL;
 
   p = mem2chunk (mem);
-  sz = chunksize (p);
-  magic = MAGICBYTE (p);
   if (!chunk_is_mmapped (p))
     {
       /* Must be a chunk in conventional heap memory. */
       int contig = contiguous (&main_arena);
+      sz = chunksize (p);
       if ((contig &&
            ((char *) p < mp_.sbrk_base ||
             ((char *) p + sz) >= (mp_.sbrk_base + main_arena.system_mem))) ||
@@ -187,13 +180,12 @@ mem2chunk_check (void *mem, unsigned char **magic_p)
                                next_chunk (prev_chunk (p)) != p)))
         return NULL;
 
-      for (sz += SIZE_SZ - 1; (c = ((unsigned char *) p)[sz]) != 0; sz -= c)
+      magic = MAGICBYTE (p);
+      for (sz += SIZE_SZ - 1; (c = ((unsigned char *) p)[sz]) != magic; sz -= c)
         {
-	  if (sz <= c + 2 * SIZE_SZ)
-	    break;
+          if (c <= 0 || sz < (c + 2 * SIZE_SZ))
+            return NULL;
         }
-      if (c != 0 || ((unsigned char *) p)[--sz] != magic)
-	return NULL;
     }
   else
     {
@@ -209,16 +201,15 @@ mem2chunk_check (void *mem, unsigned char **magic_p)
            offset < 0x2000) ||
           !chunk_is_mmapped (p) || (p->size & PREV_INUSE) ||
           ((((unsigned long) p - p->prev_size) & page_mask) != 0) ||
-          ((p->prev_size + sz) & page_mask) != 0)
+          ((sz = chunksize (p)), ((p->prev_size + sz) & page_mask) != 0))
         return NULL;
 
-      for (sz -= 1; (c = ((unsigned char *) p)[sz]) != 0; sz -= c)
+      magic = MAGICBYTE (p);
+      for (sz -= 1; (c = ((unsigned char *) p)[sz]) != magic; sz -= c)
         {
-	  if (sz <= c + 2 * SIZE_SZ)
-	    break;
+          if (c <= 0 || sz < (c + 2 * SIZE_SZ))
+            return NULL;
         }
-      if (c != 0 || ((unsigned char *) p)[--sz] != magic)
-	return NULL;
     }
   ((unsigned char *) p)[sz] ^= 0xFF;
   if (magic_p)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog      |    8 +++++
 malloc/hooks.c |   79 ++++++++++++++++++++++++-------------------------------
 2 files changed, 43 insertions(+), 44 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]