[PATCH] libc/newlib: Fix bug in dlmalloc with multiple memory regions

Martin Guy martinwguy@gmail.com
Sun Mar 31 14:10:00 GMT 2013


This is a resend of my jan2012 patch to fix newlib's dlmalloc()
implementation in newlib < 1.19
Both inline and attached.

----8<--------------------
This patch adds patches to crosstool-ng to add a patch to newlib-1.1[78].0
that fixes a memory-corruption bug in malloc when sbrk() can return
discontiguous memory regions. This is a back-port of the only change
made between dlmalloc 2.6.4 and dlmalloc 2.6.5.
See diff of ftp://g.oswego.edu/pub/misc/ files malloc-2.6.4.c and malloc-2.6.5.c

It applies to all versions of newlib previous to 1.19.0

Signed-off-by: Martin Guy <martinwguy@gmail.com>

diff -r ce2e1c5365ac patches/newlib/1.17.0/110-update-dlmalloc-to-2.6.5.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/newlib/1.17.0/110-update-dlmalloc-to-2.6.5.patch	Fri Jan
13 04:39:46 2012 +0100
@@ -0,0 +1,34 @@
+--- newlib-1.17.0.orig/newlib/libc/stdlib/mallocr.c	2006-12-18
21:21:48.000000000 +0100
++++ newlib-1.17.0/newlib/libc/stdlib/mallocr.c	2012-01-13
03:39:10.571225907 +0100
+@@ -8,12 +8,17 @@
+   public domain.  Send questions/comments/complaints/performance data
+   to dl@cs.oswego.edu
+
+-* VERSION 2.6.4  Thu Nov 28 07:54:55 1996  Doug Lea  (dl at gee)
++* VERSION 2.6.5  Wed Jun 17 15:55:16 1998  Doug Lea  (dl at gee)
+
+    Note: There may be an updated version of this malloc obtainable at
+            ftp://g.oswego.edu/pub/misc/malloc.c
+          Check before installing!
+
++   Note: This version differs from 2.6.4 only by correcting a
++         statement ordering error that could cause failures only
++         when calls to this malloc are interposed with calls to
++         other memory allocators.
++
+ * Why use this malloc?
+
+   This is not the fastest, most space-conserving, most portable, or
+@@ -2223,11 +2228,11 @@
+
+       /* Also keep size a multiple of MALLOC_ALIGNMENT */
+       old_top_size = (old_top_size - 3*SIZE_SZ) & ~MALLOC_ALIGN_MASK;
++      set_head_size(old_top, old_top_size);
+       chunk_at_offset(old_top, old_top_size          )->size =
+         SIZE_SZ|PREV_INUSE;
+       chunk_at_offset(old_top, old_top_size + SIZE_SZ)->size =
+         SIZE_SZ|PREV_INUSE;
+-      set_head_size(old_top, old_top_size);
+       /* If possible, release the rest. */
+       if (old_top_size >= MINSIZE)
+         fREe(RCALL chunk2mem(old_top));
diff -r ce2e1c5365ac patches/newlib/1.18.0/110-update-dlmalloc-to-2.6.5.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/newlib/1.18.0/110-update-dlmalloc-to-2.6.5.patch	Fri Jan
13 04:39:46 2012 +0100
@@ -0,0 +1,34 @@
+--- newlib-1.18.0.orig/newlib/libc/stdlib/mallocr.c	2006-12-18
21:21:48.000000000 +0100
++++ newlib-1.18.0/newlib/libc/stdlib/mallocr.c	2012-01-13
03:39:10.571225907 +0100
+@@ -8,12 +8,17 @@
+   public domain.  Send questions/comments/complaints/performance data
+   to dl@cs.oswego.edu
+
+-* VERSION 2.6.4  Thu Nov 28 07:54:55 1996  Doug Lea  (dl at gee)
++* VERSION 2.6.5  Wed Jun 17 15:55:16 1998  Doug Lea  (dl at gee)
+
+    Note: There may be an updated version of this malloc obtainable at
+            ftp://g.oswego.edu/pub/misc/malloc.c
+          Check before installing!
+
++   Note: This version differs from 2.6.4 only by correcting a
++         statement ordering error that could cause failures only
++         when calls to this malloc are interposed with calls to
++         other memory allocators.
++
+ * Why use this malloc?
+
+   This is not the fastest, most space-conserving, most portable, or
+@@ -2223,11 +2228,11 @@
+
+       /* Also keep size a multiple of MALLOC_ALIGNMENT */
+       old_top_size = (old_top_size - 3*SIZE_SZ) & ~MALLOC_ALIGN_MASK;
++      set_head_size(old_top, old_top_size);
+       chunk_at_offset(old_top, old_top_size          )->size =
+         SIZE_SZ|PREV_INUSE;
+       chunk_at_offset(old_top, old_top_size + SIZE_SZ)->size =
+         SIZE_SZ|PREV_INUSE;
+-      set_head_size(old_top, old_top_size);
+       /* If possible, release the rest. */
+       if (old_top_size >= MINSIZE)
+         fREe(RCALL chunk2mem(old_top));
-------------- next part --------------
A non-text attachment was scrubbed...
Name: crosstool-ng-newlib-update-dlmalloc-to-2.6.5.patch
Type: application/octet-stream
Size: 3901 bytes
Desc: not available
URL: <http://sourceware.org/pipermail/crossgcc/attachments/20130331/1f9ddfe8/attachment.obj>
-------------- next part --------------
--
For unsubscribe information see http://sourceware.org/lists.html#faq


More information about the crossgcc mailing list