This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

GNU C Library master sources branch master updated. glibc-2.28.9000-370-g7c9a7c6


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  7c9a7c68363051cfc5fa1ebb96b3b2c1f82dcb76 (commit)
      from  37caec3a11eb329f333bc70cf772cb9a9734325a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=7c9a7c68363051cfc5fa1ebb96b3b2c1f82dcb76

commit 7c9a7c68363051cfc5fa1ebb96b3b2c1f82dcb76
Author: DJ Delorie <dj@redhat.com>
Date:   Fri Nov 30 22:13:09 2018 -0500

    malloc: Add another test for tcache double free check.
    
    This one tests for BZ#23907 where the double free
    test didn't check the tcache bin bounds before dereferencing
    the bin.
    
    [BZ #23907]
    * malloc/tst-tcfree3.c: New.
    * malloc/Makefile: Add it.

diff --git a/ChangeLog b/ChangeLog
index 2a5fad3..7c4b061 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2018-12-07  DJ Delorie  <dj@redhat.com>
+
+	[BZ #23907]
+	* malloc/tst-tcfree3.c: New.
+	* malloc/Makefile: Add it.
+
 2018-12-07  H.J. Lu  <hongjiu.lu@intel.com>
 
 	* include/sched.h (__getcpu): Don't use __typeof__ (getcpu).
diff --git a/malloc/Makefile b/malloc/Makefile
index e6dfbfc..388cf7e 100644
--- a/malloc/Makefile
+++ b/malloc/Makefile
@@ -38,7 +38,7 @@ tests := mallocbug tst-malloc tst-valloc tst-calloc tst-obstack \
 	 tst-malloc_info \
 	 tst-malloc-too-large \
 	 tst-malloc-stats-cancellation \
-	 tst-tcfree1 tst-tcfree2 \
+	 tst-tcfree1 tst-tcfree2 tst-tcfree3 \
 
 tests-static := \
 	 tst-interpose-static-nothread \
diff --git a/malloc/tst-tcfree3.c b/malloc/tst-tcfree3.c
new file mode 100644
index 0000000..016d30d
--- /dev/null
+++ b/malloc/tst-tcfree3.c
@@ -0,0 +1,56 @@
+/* Test that malloc tcache catches double free.
+   Copyright (C) 2018 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+#include <malloc.h>
+#include <string.h>
+
+/* Prevent GCC from optimizing away any malloc/free pairs.  */
+#pragma GCC optimize ("O0")
+
+static int
+do_test (void)
+{
+  /* Do two allocation of any size that fit in tcache, and one that
+     doesn't.  */
+  int ** volatile a = malloc (32);
+  int ** volatile b = malloc (32);
+  /* This is just under the mmap threshold.  */
+  int ** volatile c = malloc (127 * 1024);
+
+  /* The invalid "tcache bucket" we might dereference will likely end
+     up somewhere within this memory block, so make all the accidental
+     "next" pointers cause segfaults.  BZ #23907.  */
+  memset (c, 0xff, 127 * 1024);
+
+  free (a); // puts in tcache
+
+  /* A is now free and contains the key we use to detect in-tcache.
+     Copy the key to the other chunks.  */
+  memcpy (b, a, 32);
+  memcpy (c, a, 32);
+
+  /* This free tests the "are we in the tcache already" loop with a
+     VALID bin but "coincidental" matching key.  */
+  free (b); // should NOT abort
+  /* This free tests the "is it a valid tcache bin" test.  */
+  free (c); // should NOT abort
+
+  return 0;
+}
+
+#include <support/test-driver.c>

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog            |    6 +++++
 malloc/Makefile      |    2 +-
 malloc/tst-tcfree3.c |   56 ++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 63 insertions(+), 1 deletions(-)
 create mode 100644 malloc/tst-tcfree3.c


hooks/post-receive
-- 
GNU C Library master sources


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]