Double free check in malloc.c for 64 bit architectures

Claude Zou claude.zou.work@gmail.com
Wed Nov 20 19:04:00 GMT 2019


That makes sense - I didn't think about the arena lock.

Is there any particular reason such a check (such as the one currently
in tcache) has not been done for fastbins yet?

On Wed, Nov 20, 2019 at 3:48 AM Florian Weimer <fweimer@redhat.com> wrote:
>
> * Claude Zou:
>
> > I was looking at malloc.c, and noticed that SIZE_BITS potentially has
> > extra space in 64 bit architectures - specifically, the 8 bit.
> >
> > I wrote up a quick patch that uses that bit to check for double frees
> > for fastbins more effectively than the current check. Would this be a
> > feasible addition to glibc?
>
> Fastbins do not use the arena lock.  This means that if you write to
> chunk headers on fastbin paths, you risk losing other updates to the
> chunk header which change the PREV_INUSE bit.
>
> We would have to use a marker value instead, similar to what we do for
> tcache.
>
> Thanks,
> Florian
>
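The two approaches contrasted in the reply above, as an added example that is not part of the original thread and not glibc code: a toy model in which the fastbin free path is written as an unlocked read-modify-write of the size header, so that a concurrent PREV_INUSE clear from a locked path is lost, beside a tcache-style scheme that records a marker word in the freed chunk's user data and confirms a hit by walking the bin. The names `HYPO_FREED_BIT`, `HYPO_KEY`, `toy_free`, `toy_malloc` and the `struct chunk` layout are assumptions of this model, not glibc identifiers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of two fastbin double-free checks (not glibc code). */
#define PREV_INUSE      0x1
#define IS_MMAPPED      0x2
#define NON_MAIN_ARENA  0x4
#define SIZE_BITS       (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA)   /* bits 0..2 */
#define HYPO_FREED_BIT  0x8   /* hypothetical: the spare header bit under 16-byte alignment */
#define HYPO_KEY        ((uintptr_t)0x7a5c3e12)  /* hypothetical marker value, tcache-style */

struct chunk {
    size_t        prev_size;
    size_t        size;  /* header word; a neighbour's locked free path also writes its PREV_INUSE */
    struct chunk *fd;    /* free-list link, occupies user data while free */
    uintptr_t     key;   /* marker, occupies user data while free */
};

/* Scheme 1: flag the double free in the size header.  Fastbin paths hold no
 * arena lock, so modelling the free as a read-modify-write and interleaving a
 * legitimate PREV_INUSE clear from a locked path shows the lost update. */
size_t header_bit_scheme(void)
{
    struct chunk c = { .size = 0x20 | PREV_INUSE };
    size_t stale = c.size;                 /* thread A (fastbin free): reads header */
    c.size &= ~(size_t)PREV_INUSE;         /* thread B (locked path): previous chunk freed */
    c.size = stale | HYPO_FREED_BIT;       /* thread A: writes back, clobbering B's update */
    return c.size & PREV_INUSE;            /* nonzero: B's clear was lost */
}

/* Scheme 2: tcache-style marker in the freed chunk's user data.  Only words
 * inside the chunk body are written; the size header is never touched here. */
static struct chunk *bin_head;

int toy_free(struct chunk *c)
{
    if (c->key == HYPO_KEY) {
        /* Marker matches: likely a double free, but live user data may hold
         * the value by accident, so confirm by walking the bin. */
        for (struct chunk *p = bin_head; p != NULL; p = p->fd)
            if (p == c)
                return -1;          /* confirmed double free */
    }
    c->key = HYPO_KEY;
    c->fd = bin_head;
    bin_head = c;
    return 0;
}

struct chunk *toy_malloc(void)
{
    struct chunk *c = bin_head;
    if (c != NULL) {
        bin_head = c->fd;
        c->key = 0;                 /* clear the marker on reuse */
    }
    return c;
}

/* free(p); free(p) -> detected. */
int demo_double_free(void)
{
    static struct chunk a = { .size = 0x20 | PREV_INUSE };
    bin_head = NULL; a.key = 0;
    toy_free(&a);
    return toy_free(&a);
}

/* free(p); p = malloc(); free(p) -> legitimate, not flagged. */
int demo_free_alloc_free(void)
{
    static struct chunk a = { .size = 0x20 | PREV_INUSE };
    bin_head = NULL; a.key = 0;
    toy_free(&a);
    struct chunk *p = toy_malloc();
    return toy_free(p);
}

/* An in-use chunk whose user data happens to equal the marker is not
 * flagged, because the bin walk does not find it. */
int demo_accidental_marker(void)
{
    static struct chunk a = { .size = 0x20 | PREV_INUSE };
    bin_head = NULL; a.key = HYPO_KEY;
    return toy_free(&a);
}

int main(void)
{
    printf("header-bit scheme, PREV_INUSE after race: %zu (1 = lost update)\n", header_bit_scheme());
    printf("double free detected: %s\n", demo_double_free() == -1 ? "yes" : "no");
    printf("free/alloc/free flagged: %s\n", demo_free_alloc_free() == -1 ? "yes" : "no");
    printf("accidental marker flagged: %s\n", demo_accidental_marker() == -1 ? "yes" : "no");
    return 0;
}
```

The marker scheme pays for its safety with a bin walk on every suspected hit, and it still relies on the bin walk because a marker in user data is only a hint; that is the trade-off the reply points to when it says a marker value would be needed instead of a header bit.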