This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.26.9000-601-gd74e6f6
- From: wilco at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 19 Oct 2017 17:20:54 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.26.9000-601-gd74e6f6
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via d74e6f6c0de55fc588b1ac09c88eb0fb8b8600af (commit)
from 4d916f0f12b230f49967797f98b2b613c734a047 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d74e6f6c0de55fc588b1ac09c88eb0fb8b8600af
commit d74e6f6c0de55fc588b1ac09c88eb0fb8b8600af
Author: Wilco Dijkstra <wdijkstr@arm.com>
Date: Thu Oct 19 18:19:55 2017 +0100
Fix deadlock in _int_free consistency check
This patch fixes a deadlock in the fastbin consistency check.
If we fail the fast check due to concurrent modifications to
the next chunk or system_mem, we should not lock if we already
have the arena lock. Simplify the check to make it obviously
correct.
* malloc/malloc.c (_int_free): Fix deadlock bug in consistency check.
diff --git a/ChangeLog b/ChangeLog
index ea655fc..17a2833 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2017-10-19 Wilco Dijkstra <wdijkstr@arm.com>
+
+ * malloc/malloc.c (_int_free): Fix deadlock bug in consistency check.
+
2017-10-19 Valery Reznic <valery_reznic@yahoo.com>
H.J. Lu <hongjiu.lu@intel.com>
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 6b78968..3d7c239 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4135,17 +4135,20 @@ _int_free (mstate av, mchunkptr p, int have_lock)
|| __builtin_expect (chunksize (chunk_at_offset (p, size))
>= av->system_mem, 0))
{
+ bool fail = true;
/* We might not have a lock at this point and concurrent modifications
- of system_mem might have let to a false positive. Redo the test
- after getting the lock. */
- if (!have_lock
- || ({ __libc_lock_lock (av->mutex);
- chunksize_nomask (chunk_at_offset (p, size)) <= 2 * SIZE_SZ
- || chunksize (chunk_at_offset (p, size)) >= av->system_mem;
- }))
+ of system_mem might result in a false positive. Redo the test after
+ getting the lock. */
+ if (!have_lock)
+ {
+ __libc_lock_lock (av->mutex);
+ fail = (chunksize_nomask (chunk_at_offset (p, size)) <= 2 * SIZE_SZ
+ || chunksize (chunk_at_offset (p, size)) >= av->system_mem);
+ __libc_lock_unlock (av->mutex);
+ }
+
+ if (fail)
malloc_printerr ("free(): invalid next size (fast)");
- if (! have_lock)
- __libc_lock_unlock (av->mutex);
}
free_perturb (chunk2mem(p), size - 2 * SIZE_SZ);
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 4 ++++
malloc/malloc.c | 21 ++++++++++++---------
2 files changed, 16 insertions(+), 9 deletions(-)
hooks/post-receive
--
GNU C Library master sources