GNU C Library master sources branch master updated. glibc-2.28.9000-485-gc0e82f1

dj@sourceware.org dj@sourceware.org
Fri Dec 21 05:18:00 GMT 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  c0e82f117357a941e4d40fcc08babbd6a3c3a1b5 (commit)
      from  ebe544bf6e8eec35e754fd49efb027c6f161b6cb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c0e82f117357a941e4d40fcc08babbd6a3c3a1b5

commit c0e82f117357a941e4d40fcc08babbd6a3c3a1b5
Author: Istvan Kurucsai <pistukem@gmail.com>
Date:   Fri Dec 21 00:13:01 2018 -0500

    malloc: Check the alignment of mmapped chunks before unmapping.
    
    * malloc/malloc.c (munmap_chunk): Verify chunk alignment.

diff --git a/ChangeLog b/ChangeLog
index ff9349f..20f69c9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2018-12-21  Istvan Kurucsai <pistukem@gmail.com>
+
+	* malloc/malloc.c (munmap_chunk): Verify chunk alignment.
+
 2018-12-20  Istvan Kurucsai <pistukem@gmail.com>
 
 	* malloc/malloc.c (mremap_chunk): Additional checks.
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 32d47f0..c33709e 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -2889,6 +2889,7 @@ systrim (size_t pad, mstate av)
 static void
 munmap_chunk (mchunkptr p)
 {
+  size_t pagesize = GLRO (dl_pagesize);
   INTERNAL_SIZE_T size = chunksize (p);
 
   assert (chunk_is_mmapped (p));
@@ -2898,6 +2899,7 @@ munmap_chunk (mchunkptr p)
   if (DUMPED_MAIN_ARENA_CHUNK (p))
     return;
 
+  uintptr_t mem = (uintptr_t) chunk2mem (p);
   uintptr_t block = (uintptr_t) p - prev_size (p);
   size_t total_size = prev_size (p) + size;
   /* Unfortunately we have to do the compilers job by hand here.  Normally
@@ -2905,7 +2907,8 @@ munmap_chunk (mchunkptr p)
      page size.  But gcc does not recognize the optimization possibility
      (in the moment at least) so we combine the two values into one before
      the bit test.  */
-  if (__builtin_expect (((block | total_size) & (GLRO (dl_pagesize) - 1)) != 0, 0))
+  if (__glibc_unlikely ((block | total_size) & (pagesize - 1)) != 0
+      || __glibc_unlikely (!powerof2 (mem & (pagesize - 1))))
     malloc_printerr ("munmap_chunk(): invalid pointer");
 
   atomic_decrement (&mp_.n_mmaps);
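
Review bot: In the new condition, the first operand closes `__glibc_unlikely (...)` before the `!= 0`, so the branch hint wraps the masked value while the second operand wraps a complete boolean. Moving the comparison inside, as in `__glibc_unlikely (((block | total_size) & (pagesize - 1)) != 0)`, keeps both operands consistent and matches the form of the line being removed. The comment above the test still describes only the combined block/total_size check, so it would help to add a sentence saying why the in-page offset of `mem` is expected to satisfy `powerof2`. The diffstat also shows no test accompanying the new rejection path.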

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog       |    4 ++++
 malloc/malloc.c |    5 ++++-
 2 files changed, 8 insertions(+), 1 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources


