This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Fix assertion in malloc.c:tcache_get
On Wed, Feb 6, 2019 at 5:37 PM DJ Delorie <dj@delorie.com> wrote:
>
>
> "Carlos O'Donell" <carlos@redhat.com> writes:
> > On 2/4/19 6:36 PM, DJ Delorie wrote:
> >> Joseph Myers <joseph@codesourcery.com> writes:
> >>> - assert (tcache->entries[tc_idx] > 0);
> >>> + assert (tcache->counts[tc_idx] > 0);
> >>
> >> Yes please :-)
> >
> > Did we backport this anywhere that needs this fix?
>
> Amusingly, the code still kinda works correctly as long as pointers are
> considered unsigned. The assert will only trigger if the pointer is
> NULL, which would have caused a segfault a few lines later anyway.
Not really, it was a bug that could be exploited if there was a memory
corruption, see:
https://sourceware.org/bugzilla/show_bug.cgi?id=23733
https://sourceware.org/ml/libc-alpha/2018-11/msg00323.html
I guess the patch fell through the cracks, I should have pinged you
about it earlier.