Fix alignment bug in Safe-Linking
authorEyal Itkin <eyalit@checkpoint.com>
Tue, 31 Mar 2020 06:00:14 +0000 (02:00 -0400)
committerCarlos O'Donell <carlos@redhat.com>
Wed, 1 Apr 2020 01:48:54 +0000 (21:48 -0400)
Alignment checks should be performed on the user's buffer and NOT
on the mchunkptr as was done before. This caused bugs in 32 bit
versions, because: 2*sizeof(t) != MALLOC_ALIGNMENT.

As the tcache works on users' buffers it uses the aligned_OK()
check, and the rest work on mchunkptr and therefore check using
misaligned_chunk().

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
malloc/malloc.c

index 0e4acb22f6857dbcec4a59b308ae5cd70aeb6eb2..6acb5ad43aaa9e059e9c8f813bc082d7436e9982 100644 (file)
@@ -2169,7 +2169,7 @@ do_check_malloc_state (mstate av)
 
       while (p != 0)
         {
-         if (__glibc_unlikely (!aligned_OK (p)))
+         if (__glibc_unlikely (misaligned_chunk (p)))
            malloc_printerr ("do_check_malloc_state(): "
                             "unaligned fastbin chunk detected");
           /* each chunk claims to be inuse */
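Review bot: Nothing at this call site records that `p` is a chunk pointer rather than a user pointer, which is the distinction the previous code got wrong. Both macros accept any pointer value, so a short comment above the check, such as `/* p is an mchunkptr: use misaligned_chunk (), not aligned_OK ().  */`, would help keep later edits from reintroducing the mismatch. The same applies to the identical substitutions in malloc_consolidate, int_mallinfo and __malloc_info. The loop body continues outside the hunk.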
@@ -2949,11 +2949,11 @@ static __always_inline void *
 tcache_get (size_t tc_idx)
 {
   tcache_entry *e = tcache->entries[tc_idx];
+  if (__glibc_unlikely (!aligned_OK (e)))
+    malloc_printerr ("malloc(): unaligned tcache chunk detected");
   tcache->entries[tc_idx] = REVEAL_PTR (e->next);
   --(tcache->counts[tc_idx]);
   e->key = NULL;
-  if (__glibc_unlikely (!aligned_OK (e)))
-    malloc_printerr ("malloc(): unaligned tcache chunk detected");
   return (void *) e;
 }
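Review bot: The alignment check in tcache_get now runs before `REVEAL_PTR (e->next)` is read and before the `e->key = NULL` store, but neither the code nor the commit message says this ordering is intentional. With the old order a corrupted entry was dereferenced and written to before the abort; the new order avoids that and deserves a comment so it is not moved back, for example `/* Validate e before e->next is read or e->key is written.  */`. Separately, `aligned_OK (e)` presumably accepts a NULL `e`, so the function still depends on its callers to guarantee a non-empty bin; those callers are not visible in this hunk.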
 
@@ -3591,7 +3591,7 @@ _int_malloc (mstate av, size_t bytes)
       if (victim == NULL)                              \
        break;                                          \
       pp = REVEAL_PTR (victim->fd);                                     \
-      if (__glibc_unlikely (!aligned_OK (pp)))                          \
+      if (__glibc_unlikely (pp != NULL && misaligned_chunk (pp)))       \
        malloc_printerr ("malloc(): unaligned fastbin chunk detected"); \
     }                                                  \
   while ((pp = catomic_compare_and_exchange_val_acq (fb, pp, victim)) \
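Review bot: The new `pp != NULL &&` guard in REMOVE_FB is unexplained, and it is the only converted site that needs one because the others already test the pointer before the check. It appears to be required because misaligned_chunk () may offset the pointer before masking, so a NULL `pp` at the end of the fastbin list would be reported as corruption where aligned_OK () let it through. The macro definition is outside this hunk, so confirm against it. A comment before the test would preserve the reasoning, e.g. `/* pp is NULL at the end of the list; only a real chunk can be tested for alignment.  */`, with the trailing backslash the macro body requires.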
@@ -3606,8 +3606,8 @@ _int_malloc (mstate av, size_t bytes)
 
       if (victim != NULL)
        {
-         if (__glibc_unlikely (!aligned_OK (victim)))
-           malloc_printerr ("malloc(): unaligned fastbin chunk detected");
+         if (__glibc_unlikely (misaligned_chunk (victim)))
+           malloc_printerr ("malloc(): unaligned fastbin chunk detected 2");
 
          if (SINGLE_THREAD_P)
            *fb = REVEAL_PTR (victim->fd);
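Review bot: The bare suffixes `2` here and `3` in the tcache-filling loop of the -3631 hunk make the three fastbin checks in _int_malloc distinguishable, but a number alone tells whoever triages the abort nothing about which path fired. These strings are what is reported when heap corruption is detected, so a descriptive suffix would serve better, for instance `"malloc(): unaligned fastbin chunk detected (victim)"` here and a matching one naming the tcache fill path in the later hunk. Failing that, a comment next to each call naming the path would do. The enclosing block continues outside both hunks.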
@@ -3631,8 +3631,8 @@ _int_malloc (mstate av, size_t bytes)
                  while (tcache->counts[tc_idx] < mp_.tcache_count
                         && (tc_victim = *fb) != NULL)
                    {
-                     if (__glibc_unlikely (!aligned_OK (tc_victim)))
-                       malloc_printerr ("malloc(): unaligned fastbin chunk detected");
+                     if (__glibc_unlikely (misaligned_chunk (tc_victim)))
+                       malloc_printerr ("malloc(): unaligned fastbin chunk detected 3");
                      if (SINGLE_THREAD_P)
                        *fb = REVEAL_PTR (tc_victim->fd);
                      else
@@ -4505,7 +4505,7 @@ static void malloc_consolidate(mstate av)
     if (p != 0) {
       do {
        {
-         if (__glibc_unlikely (!aligned_OK (p)))
+         if (__glibc_unlikely (misaligned_chunk (p)))
            malloc_printerr ("malloc_consolidate(): "
                             "unaligned fastbin chunk detected");
 
@@ -4937,7 +4937,7 @@ int_mallinfo (mstate av, struct mallinfo *m)
           p != 0;
           p = REVEAL_PTR (p->fd))
         {
-         if (__glibc_unlikely (!aligned_OK (p)))
+         if (__glibc_unlikely (misaligned_chunk (p)))
            malloc_printerr ("int_mallinfo(): "
                             "unaligned fastbin chunk detected");
           ++nfastblocks;
@@ -5479,7 +5479,7 @@ __malloc_info (int options, FILE *fp)
 
              while (p != NULL)
                {
-                 if (__glibc_unlikely (!aligned_OK (p)))
+                 if (__glibc_unlikely (misaligned_chunk (p)))
                    malloc_printerr ("__malloc_info(): "
                                     "unaligned fastbin chunk detected");
                  ++nthissize;