This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.18-694-gabc26e9
- From: mkuvyrkov at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 23 Dec 2013 21:07:24 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.18-694-gabc26e9
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via abc26e998f74750850cc02f9c249ee794cbdd8e8 (commit)
via 362b47fe09ca9a928d444c7e2f7992f7f61bfc3e (commit)
from b9bcbbcbe7afa94442d335811d4a1c1e0c0a1daf (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=abc26e998f74750850cc02f9c249ee794cbdd8e8
commit abc26e998f74750850cc02f9c249ee794cbdd8e8
Author: Maxim Kuvyrkov <maxim@kugelworks.com>
Date: Tue Dec 24 09:55:03 2013 +1300
Restore accidentally deleted bug-fix entries in NEWS.
* NEWS: Restore accidentally deleted bug-fix entries.
diff --git a/ChangeLog b/ChangeLog
index f3ead2e..9528f88 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,8 @@
2013-12-24 Maxim Kuvyrkov <maxim@kugelworks.com>
+
+ * NEWS: Restore accidentally deleted bug-fix entries.
+
+2013-12-24 Maxim Kuvyrkov <maxim@kugelworks.com>
OndÅ?ej BÃlka <neleai@seznam.cz>
[BZ #15073]
diff --git a/NEWS b/NEWS
index 90e6c65..f3c19d8 100644
--- a/NEWS
+++ b/NEWS
@@ -22,7 +22,8 @@ Version 2.19
15948, 15963, 15966, 15985, 15988, 15997, 16032, 16034, 16036, 16037,
16038, 16041, 16055, 16071, 16072, 16074, 16077, 16078, 16103, 16112,
16143, 16144, 16146, 16150, 16151, 16153, 16167, 16172, 16195, 16214,
- 16245, 16356.
+ 16245, 16271, 16274, 16283, 16289, 16293, 16314, 16316, 16330, 16337,
+ 16338, 16356.
* The public headers no longer use __unused nor __block. This change is to
support compiling programs that are derived from BSD sources and use
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=362b47fe09ca9a928d444c7e2f7992f7f61bfc3e
commit 362b47fe09ca9a928d444c7e2f7992f7f61bfc3e
Author: Maxim Kuvyrkov <maxim@kugelworks.com>
Date: Tue Dec 24 09:44:50 2013 +1300
Fix race in free() of fastbin chunk: BZ #15073
Perform sanity check only if we have_lock. Due to lockless nature of fastbins
we need to be careful derefencing pointers to fastbin entries (chunksize(old)
in this case) in multithreaded environments.
The fix is to add have_lock to the if-condition checks. The rest of the patch
only makes code more readable.
* malloc/malloc.c (_int_free): Perform sanity check only if we
have_lock.
diff --git a/ChangeLog b/ChangeLog
index 667b3f1..f3ead2e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2013-12-24 Maxim Kuvyrkov <maxim@kugelworks.com>
+ OndÅ?ej BÃlka <neleai@seznam.cz>
+
+ [BZ #15073]
+ * malloc/malloc.c (_int_free): Perform sanity check only if we
+ have_lock.
+
2013-12-23 OndÅ?ej BÃlka <neleai@seznam.cz>
[BZ #12986]
diff --git a/NEWS b/NEWS
index 5c76adc..90e6c65 100644
--- a/NEWS
+++ b/NEWS
@@ -12,17 +12,17 @@ Version 2.19
156, 387, 431, 832, 926, 2801, 4772, 6786, 6787, 6807, 6810, 7003, 9954,
10253, 10278, 11087, 11157, 11214, 12100, 12486, 12986, 13028, 13982,
13985, 14029, 14032, 14120, 14143, 14155, 14547, 14699, 14752, 14876,
- 14910, 15004, 15048, 15089, 15128, 15218, 15268, 15277, 15308, 15362,
- 15374, 15400, 15425, 15427, 15483, 15522, 15531, 15532, 15593, 15601,
- 15608, 15609, 15610, 15632, 15640, 15670, 15672, 15680, 15681, 15723,
- 15734, 15735, 15736, 15748, 15749, 15754, 15760, 15763, 15764, 15797,
- 15799, 15825, 15843, 15844, 15846, 15847, 15849, 15855, 15856, 15857,
- 15859, 15867, 15886, 15887, 15890, 15892, 15893, 15895, 15897, 15901,
- 15905, 15909, 15915, 15917, 15919, 15921, 15923, 15939, 15941, 15948,
- 15963, 15966, 15985, 15988, 15997, 16032, 16034, 16036, 16037, 16038,
- 16041, 16055, 16071, 16072, 16074, 16077, 16078, 16103, 16112, 16143,
- 16144, 16146, 16150, 16151, 16153, 16167, 16172, 16195, 16214, 16245,
- 16356.
+ 14910, 15004, 15048, 15073, 15089, 15128, 15218, 15268, 15277, 15308,
+ 15362, 15374, 15400, 15425, 15427, 15483, 15522, 15531, 15532, 15593,
+ 15601, 15608, 15609, 15610, 15632, 15640, 15670, 15672, 15680, 15681,
+ 15723, 15734, 15735, 15736, 15748, 15749, 15754, 15760, 15763, 15764,
+ 15797, 15799, 15825, 15843, 15844, 15846, 15847, 15849, 15855, 15856,
+ 15857, 15859, 15867, 15886, 15887, 15890, 15892, 15893, 15895, 15897,
+ 15901, 15905, 15909, 15915, 15917, 15919, 15921, 15923, 15939, 15941,
+ 15948, 15963, 15966, 15985, 15988, 15997, 16032, 16034, 16036, 16037,
+ 16038, 16041, 16055, 16071, 16072, 16074, 16077, 16078, 16103, 16112,
+ 16143, 16144, 16146, 16150, 16151, 16153, 16167, 16172, 16195, 16214,
+ 16245, 16356.
* The public headers no longer use __unused nor __block. This change is to
support compiling programs that are derived from BSD sources and use
diff --git a/malloc/malloc.c b/malloc/malloc.c
index b1668b5..5e419ad 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3783,25 +3783,29 @@ _int_free(mstate av, mchunkptr p, int have_lock)
unsigned int idx = fastbin_index(size);
fb = &fastbin (av, idx);
- mchunkptr fd;
- mchunkptr old = *fb;
+ /* Atomically link P to its fastbin: P->FD = *FB; *FB = P; */
+ mchunkptr old = *fb, old2;
unsigned int old_idx = ~0u;
do
{
- /* Another simple check: make sure the top of the bin is not the
- record we are going to add (i.e., double free). */
+ /* Check that the top of the bin is not the record we are going to add
+ (i.e., double free). */
if (__builtin_expect (old == p, 0))
{
errstr = "double free or corruption (fasttop)";
goto errout;
}
- if (old != NULL)
+ /* Check that size of fastbin chunk at the top is the same as
+ size of the chunk that we are adding. We can dereference OLD
+ only if we have the lock, otherwise it might have already been
+ deallocated. See use of OLD_IDX below for the actual check. */
+ if (have_lock && old != NULL)
old_idx = fastbin_index(chunksize(old));
- p->fd = fd = old;
+ p->fd = old2 = old;
}
- while ((old = catomic_compare_and_exchange_val_rel (fb, p, fd)) != fd);
+ while ((old = catomic_compare_and_exchange_val_rel (fb, p, old2)) != old2);
- if (fd != NULL && __builtin_expect (old_idx != idx, 0))
+ if (have_lock && old != NULL && __builtin_expect (old_idx != idx, 0))
{
errstr = "invalid fastbin entry (free)";
goto errout;
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 11 +++++++++++
NEWS | 23 ++++++++++++-----------
malloc/malloc.c | 20 ++++++++++++--------
3 files changed, 35 insertions(+), 19 deletions(-)
hooks/post-receive
--
GNU C Library master sources