This is the mail archive of the mailing list for the glibc project.

Re: [PATCH v2 6/7] malloc: Add more integrity checks to mremap_chunk.

I +1'd this patch series last year when it was first posted (sorry about
the lack of consensus-building) but just to revive it I'll +1 it again
independently.  Could we get a second review too?  Florian?

Reviewed-Again-By: DJ Delorie <>

Istvan Kurucsai <> writes:
> -  assert (((size + offset) & (GLRO (dl_pagesize) - 1)) == 0);

pagesize is set earlier in this function.

> +  uintptr_t block = (uintptr_t) p - offset;
> +  uintptr_t mem = (uintptr_t) chunk2mem(p);

block is the page that the chunk header is in; mem is the pointer the
application sees.

> +  size_t total_size = offset + size;
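Review bot: `offset + size` is a size_t sum of two fields read from the chunk header, so a corrupted header can make it wrap, and the page-alignment test applied to total_size later in this hunk does not notice a wrapped sum. A cheap guard before the alignment check, e.g. `if (__glibc_unlikely (total_size < size)) malloc_printerr (...)`, would make the span check meaningful for that case too.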

offset is "page start to chunk header", size is chunk size.  This should
span to the end of a page.  So...

> +  if (__glibc_unlikely ((block | total_size) & (pagesize - 1)) != 0

If block or total_size are misaligned,

> +      || __glibc_unlikely (!powerof2 (mem & (pagesize - 1))))
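Review bot: in the first operand the `!= 0` sits outside `__glibc_unlikely (...)`, so the hint is attached to the masked value rather than to the comparison; since `__builtin_expect` returns its argument this still evaluates correctly, but writing `__glibc_unlikely (((block | total_size) & (pagesize - 1)) != 0)` matches the second operand and keeps intent and hint aligned. Also worth a one-line comment: `powerof2 (mem & (pagesize - 1))` accepts any power-of-two in-page offset (and zero), not only `2 * SIZE_SZ`, so a later reader does not tighten it to an equality test if the looser check is deliberate.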

Or if the offset of the memory within the page is an unexpected size
(for us, 2*SIZE_SZ is expected), report the error.  OK.

> -  if (size + offset == new_size)
> +  if (total_size == new_size)

Saving an operation.  OK.

> -  cp = (char *) __mremap ((char *) p - offset, size + offset, new_size,
> +  cp = (char *) __mremap ((char *) block, total_size, new_size,

Likewise.  OK.
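The three conditions walked through above, restated as a stand-alone C program so the effect of the new checks on a tampered chunk header can be seen directly. This is an added illustration, not glibc's mremap_chunk and not part of the patch or this thread: it assumes a 4096-byte page, a minimal two-word chunk header, the usual powerof2 macro shape, and constructed header values (the names PAGE, run_case and mremap_chunk_header_ok are this example's own).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not glibc code: a stand-alone restatement of the
   integrity checks the patch adds in front of the mremap call.  The page
   size, the two-word chunk header and the helper names are assumptions.  */

#define PAGE 4096u                          /* assumed page size */
#define SIZE_SZ (sizeof (size_t))
#define IS_MMAPPED 0x2u
#define SIZE_BITS 0x7u
/* Same shape as the powerof2 macro from <sys/param.h>; note it is true for 0.  */
#define POWEROF2(x) ((((x) - 1) & (x)) == 0)

/* Minimal stand-in for a malloc chunk header.  */
struct chunk
{
  size_t prev_size;  /* for an mmapped chunk: bytes from page start to this header */
  size_t size;       /* chunk size with IS_MMAPPED set in the low bits */
};

#define CHUNKSIZE(p) ((p)->size & ~(size_t) SIZE_BITS)
#define CHUNK2MEM(p) ((uintptr_t) (p) + 2 * SIZE_SZ)

/* The checks from the hunk: the page the header sits in and the total span
   must be page-aligned, and the user pointer must sit at a power-of-two
   offset inside its page.  Returns true when the header is acceptable.  */
static bool
mremap_chunk_header_ok (const struct chunk *p, size_t pagesize)
{
  size_t offset = p->prev_size;
  size_t size = CHUNKSIZE (p);
  uintptr_t block = (uintptr_t) p - offset;
  uintptr_t mem = CHUNK2MEM (p);
  size_t total_size = offset + size;

  if (((block | total_size) & (pagesize - 1)) != 0)
    return false;   /* page start or total span is not page-aligned */
  if (!POWEROF2 (mem & (pagesize - 1)))
    return false;   /* user pointer at an unexpected in-page offset */
  return true;
}

/* Two constructed, page-aligned pages standing in for an mmapped region.  */
static unsigned char region[2 * PAGE] __attribute__ ((aligned (PAGE)));

/* Write a header at header_off bytes into the region and run the checks.
   prev_size and chunk_size are set independently so a corrupted field can
   be simulated (a consistent header has prev_size == header_off).  */
static bool
run_case (size_t header_off, size_t prev_size, size_t chunk_size)
{
  struct chunk *p = (struct chunk *) (region + header_off);
  p->prev_size = prev_size;
  p->size = chunk_size | IS_MMAPPED;
  return mremap_chunk_header_ok (p, PAGE);
}

int
main (void)
{
  /* Constructed cases: two well-formed headers and three corrupted ones.  */
  struct { const char *what; size_t off, prev, size; } cases[] = {
    { "header at page start, consistent fields", 0, 0, 2 * PAGE },
    { "header placed so the user pointer is 64-byte aligned",
      64 - 2 * SIZE_SZ, 64 - 2 * SIZE_SZ, 2 * PAGE - (64 - 2 * SIZE_SZ) },
    { "prev_size corrupted to 8 (block misaligned)", 0, 8, 2 * PAGE },
    { "size corrupted (total span not page-aligned)", 0, 0, 2 * PAGE - 16 },
    { "user pointer at in-page offset 48 (not a power of two)",
      48 - 2 * SIZE_SZ, 48 - 2 * SIZE_SZ, 2 * PAGE - (48 - 2 * SIZE_SZ) },
  };
  for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
    printf ("%-58s -> %s\n", cases[i].what,
            run_case (cases[i].off, cases[i].prev, cases[i].size)
            ? "accepted" : "rejected");
  return 0;
}
```

The first two cases model headers malloc itself would produce (an ordinary mmapped chunk and one positioned for an aligned user pointer); the remaining three show that each of the three conditions rejects a different kind of header corruption before any call to mremap is made.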
