This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [patch] tcache double free check

From: Carlos O'Donell <carlos at redhat dot com>
To: Florian Weimer <fweimer at redhat dot com>, DJ Delorie <dj at redhat dot com>
Cc: libc-alpha at sourceware dot org
Date: Thu, 8 Nov 2018 15:27:33 -0500
Subject: Re: [patch] tcache double free check
References: <xnr2fxtvqv.fsf@greed.delorie.com> <87k1ln72lk.fsf@oldenburg.str.redhat.com>

On 11/8/18 3:09 PM, Florian Weimer wrote:
> * DJ Delorie:
> 
>> +  /* This test succeeds on double free.  However, we don't 100% trust
>> +     it, so verify it's not an unlikely coincidence before
>> +     aborting.  */
>> +  if (__glibc_unlikely (e->key == tcache))
>> +    {
>> +      tcache_entry *tmp;
>> +      for (tmp = tcache->entries[tc_idx];
>> +	   tmp;
>> +	   tmp = tmp->next)
>> +	{
>> +	if (tmp == e)
>> +	  malloc_printerr ("free(): double free detected in tcache");
>> +	}
>> +      /* If we get here, it was a coincidence.  We've wasted a few
>> +	 cycles, but don't abort.  */
>> +    }
> 
> One more thing:
> 
> I think you should put an Systemtap probe here, perhaps counting the
> length of the chain and logging the index, so that we can debug
> performance issues here.

... and please document the probe in the manual.

-- 
Cheers,
Carlos.

References:
- [patch] tcache double free check
  - From: DJ Delorie
- Re: [patch] tcache double free check
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]