This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

GNU C Library master sources branch master updated. glibc-2.28.9000-484-gebe544b


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  ebe544bf6e8eec35e754fd49efb027c6f161b6cb (commit)
      from  5f72b00591ce4d1b4c0418294ffe1623983d5679 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ebe544bf6e8eec35e754fd49efb027c6f161b6cb

commit ebe544bf6e8eec35e754fd49efb027c6f161b6cb
Author: Istvan Kurucsai <pistukem@gmail.com>
Date:   Thu Dec 20 23:30:07 2018 -0500

    malloc: Add more integrity checks to mremap_chunk.
    
    * malloc/malloc.c (mremap_chunk): Additional checks.

diff --git a/ChangeLog b/ChangeLog
index e7d231a..ff9349f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2018-12-20  Istvan Kurucsai <pistukem@gmail.com>
+
+	* malloc/malloc.c (mremap_chunk): Additional checks.
+
 2018-12-21  Mao Han  <han_mao@c-sky.com>
 
 	* config.h.in (CSKYABI, CSKY_HARD_FLOAT): New Define.
diff --git a/malloc/malloc.c b/malloc/malloc.c
index c9b2c6e..32d47f0 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -2928,16 +2928,22 @@ mremap_chunk (mchunkptr p, size_t new_size)
   char *cp;
 
   assert (chunk_is_mmapped (p));
-  assert (((size + offset) & (GLRO (dl_pagesize) - 1)) == 0);
+
+  uintptr_t block = (uintptr_t) p - offset;
+  uintptr_t mem = (uintptr_t) chunk2mem(p);
+  size_t total_size = offset + size;
+  if (__glibc_unlikely ((block | total_size) & (pagesize - 1)) != 0
+      || __glibc_unlikely (!powerof2 (mem & (pagesize - 1))))
+    malloc_printerr("mremap_chunk(): invalid pointer");
 
   /* Note the extra SIZE_SZ overhead as in mmap_chunk(). */
   new_size = ALIGN_UP (new_size + offset + SIZE_SZ, pagesize);
 
   /* No need to remap if the number of pages does not change.  */
-  if (size + offset == new_size)
+  if (total_size == new_size)
     return p;
 
-  cp = (char *) __mremap ((char *) p - offset, size + offset, new_size,
+  cp = (char *) __mremap ((char *) block, total_size, new_size,
                           MREMAP_MAYMOVE);
 
   if (cp == MAP_FAILED)

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog       |    4 ++++
 malloc/malloc.c |   12 +++++++++---
 2 files changed, 13 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]