This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: Fix assertion in malloc.c:tcache_get


On Wed, Feb 6, 2019 at 5:37 PM DJ Delorie <dj@delorie.com> wrote:
>
>
> "Carlos O'Donell" <carlos@redhat.com> writes:
> > On 2/4/19 6:36 PM, DJ Delorie wrote:
> >> Joseph Myers <joseph@codesourcery.com> writes:
> >>> -  assert (tcache->entries[tc_idx] > 0);
> >>> +  assert (tcache->counts[tc_idx] > 0);
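Review bot: the replacement assert on tcache->counts[tc_idx] removes the only check in this hunk that tcache->entries[tc_idx] is non-NULL. If the count and the list head can ever disagree, a non-zero count with a NULL head passes the new assert. Consider keeping an explicit pointer check next to it, written as `assert (tcache->entries[tc_idx] != NULL);` rather than the old `> 0` comparison on a pointer, or add a comment saying why the count alone is sufficient here.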
> >>
> >> Yes please :-)
> >
> > Did we backport this anywhere that needs this fix?
>
> Amusingly, the code still kinda works correctly as long as pointers are
> considered unsigned.  The assert will only trigger if the pointer is
> NULL, which would have caused a segfault a few lines later anyway.

Not really, it was a bug that could be exploited if there was a memory
corruption, see:

https://sourceware.org/bugzilla/show_bug.cgi?id=23733
https://sourceware.org/ml/libc-alpha/2018-11/msg00323.html

I guess the patch fell through the cracks, I should have pinged you
about it earlier.

