This is the mail archive of the mailing list for the glibc project.
Re: [PATCH v2 6/7] malloc: Add more integrity checks to mremap_chunk.
- From: DJ Delorie <dj at redhat dot com>
- To: Istvan Kurucsai <pistukem at gmail dot com>
- Cc: libc-alpha at sourceware dot org, pistukem at gmail dot com
- Date: Thu, 15 Nov 2018 18:55:35 -0500
- Subject: Re: [PATCH v2 6/7] malloc: Add more integrity checks to mremap_chunk.
I +1'd this patch series last year when it was first posted (sorry about
the lack of consensus-building) but just to revive it I'll +1 it again
independently. Could we get a second review too? Florian?
Reviewed-Again-By: DJ Delorie <dj@redhat.com>
Istvan Kurucsai <pistukem@gmail.com> writes:
> - assert (((size + offset) & (GLRO (dl_pagesize) - 1)) == 0);
pagesize is set earlier in this function.
> + uintptr_t block = (uintptr_t) p - offset;
> + uintptr_t mem = (uintptr_t) chunk2mem(p);
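Review bot: `chunk2mem(p)` on the second added line is missing the space before the parenthesis that GNU style and the surrounding malloc code use; write `chunk2mem (p)`. The `block` computed on the first line is derived from `offset`, one of the values this patch is validating, so it must only be dereferenced or passed to the kernel after the check below has passed, which the quoted ordering does preserve.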
block is the page that the chunk header is in; mem is the pointer the
> + size_t total_size = offset + size;
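Review bot: `total_size = offset + size` is a plain size_t addition with no wraparound check, and the alignment test that follows accepts any page-multiple result; an `offset` close to SIZE_MAX paired with a large `size` wraps to a page-aligned `total_size` and, via `p - offset`, a page-aligned `block`, so that header still passes. If that case is meant to be caught here, add an overflow test such as `|| __glibc_unlikely (total_size < size)` to the condition.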
offset is "page start to chunk header", size is chunk size. This should
span to the end of a page. So...
> + if (__glibc_unlikely ((block | total_size) & (pagesize - 1)) != 0
If block or total_size are misaligned,
> + || __glibc_unlikely (!powerof2 (mem & (pagesize - 1))))
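Review bot: the `!= 0` on the first clause sits outside `__glibc_unlikely (...)`, so the branch hint is applied to the masked value instead of to the comparison; move it inside for consistency with the second clause: `__glibc_unlikely (((block | total_size) & (pagesize - 1)) != 0)`. A short comment above the condition saying why any power-of-two in-page offset of `mem` is accepted, rather than exactly 2*SIZE_SZ, would also help later readers.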
Or if the offset of the memory within the page is an unexpected size
(for us, 2*SIZE_SZ is expected), report the error. OK.
> - if (size + offset == new_size)
> + if (total_size == new_size)
Saving an operation. OK.
> - cp = (char *) __mremap ((char *) p - offset, size + offset, new_size,
> + cp = (char *) __mremap ((char *) block, total_size, new_size,
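The check DJ walks through above, lifted into a stand-alone program so it can be driven with constructed chunk headers. This is an added example, not code from the patch or from glibc: it assumes a 64-bit build with SIZE_SZ == 8, 4 KiB pages, glibc's definition of the powerof2 macro, and a two-word header (`chunk_hdr`, a stand-in for malloc_chunk). The scenarios show which corrupted headers the alignment and power-of-two tests reject, and one wrapped offset/size pair that they do not.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions for this example (not glibc's own code): 64-bit, SIZE_SZ == 8,
   4 KiB pages, two-word chunk header.  */
#define SIZE_SZ 8
#define PAGESIZE 4096UL
#define SIZE_BITS 7              /* low header bits are flags, not size */
/* glibc's powerof2 macro from <sys/param.h>; note it is also true for 0.  */
#define powerof2(x) ((((x) - 1) & (x)) == 0)

struct chunk_hdr { size_t prev_size; size_t size; };

static size_t chunksize (const struct chunk_hdr *p)
{ return p->size & ~(size_t) SIZE_BITS; }

static uintptr_t chunk2mem (const struct chunk_hdr *p)
{ return (uintptr_t) p + 2 * SIZE_SZ; }

/* The condition from the patch, returning true when the chunk is accepted.  */
bool mremap_chunk_check (const struct chunk_hdr *p, size_t pagesize)
{
  size_t offset = p->prev_size;       /* page start to chunk header */
  size_t size = chunksize (p);
  uintptr_t block = (uintptr_t) p - offset;
  uintptr_t mem = chunk2mem (p);
  size_t total_size = offset + size;  /* unchecked size_t addition */
  if ((((block | total_size) & (pagesize - 1)) != 0)
      || !powerof2 (mem & (pagesize - 1)))
    return false;
  return true;
}

/* Two constructed, page-aligned pages stand in for an mmapped region.  */
static _Alignas (PAGESIZE) unsigned char region[2 * PAGESIZE];

/* Write a header hdr_off bytes into the region with the given fields.  */
static struct chunk_hdr *place (size_t hdr_off, size_t prev_size, size_t size)
{
  struct chunk_hdr *p = (struct chunk_hdr *) (region + hdr_off);
  p->prev_size = prev_size;
  p->size = size;
  return p;
}

/* Header at the page start, size field carrying the IS_MMAPPED flag bit:
   block == page, total_size == 4096, mem 16 bytes in.  Accepted.  */
bool scenario_plain (void)
{ return mremap_chunk_check (place (0, 0, PAGESIZE | 2), PAGESIZE); }

/* memalign-style layout: header 48 bytes in so mem lands on a 64-byte
   boundary; offset 48 + size 4048 == 4096.  Accepted.  */
bool scenario_aligned (void)
{ return mremap_chunk_check (place (48, 48, PAGESIZE - 48), PAGESIZE); }

/* Size that is not a page multiple: total_size fails the mask test.  */
bool scenario_bad_size (void)
{ return mremap_chunk_check (place (0, 0, PAGESIZE + 16), PAGESIZE); }

/* Offset of 8 with a compensating size: total_size is still 4096 but
   block lands 8 bytes before the page.  Rejected by the block test.  */
bool scenario_bad_block (void)
{ return mremap_chunk_check (place (0, 8, PAGESIZE - 8), PAGESIZE); }

/* Header 56 bytes in: block and total_size line up, but mem sits 72 bytes
   into the page, which is not a power of two.  Rejected by powerof2.  */
bool scenario_bad_mem (void)
{ return mremap_chunk_check (place (56, 56, PAGESIZE - 56), PAGESIZE); }

/* Wrapped arithmetic: prev_size of -4096 and size 8192 give total_size ==
   4096 and a page-aligned block one page above p.  The alignment checks
   alone cannot tell this from a sane header.  Accepted.  */
bool scenario_wrapped (void)
{ return mremap_chunk_check (place (0, (size_t) 0 - PAGESIZE, 2 * PAGESIZE),
                             PAGESIZE); }

int main (void)
{
  printf ("plain    %d\n", scenario_plain ());
  printf ("aligned  %d\n", scenario_aligned ());
  printf ("bad size %d\n", scenario_bad_size ());
  printf ("bad blk  %d\n", scenario_bad_block ());
  printf ("bad mem  %d\n", scenario_bad_mem ());
  printf ("wrapped  %d\n", scenario_wrapped ());
  return 0;
}
```

The last scenario is the reason an overflow test on `offset + size` is worth considering alongside the mask test: the mask only proves page alignment of whatever the addition produced, not that the sum is meaningful.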