This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[RFC][PATCH 7/7] malloc: Check the alignment of mmapped chunks before unmapping.
- From: Istvan Kurucsai <pistukem at gmail dot com>
- To: libc-alpha at sourceware dot org
- Cc: Istvan Kurucsai <pistukem at gmail dot com>
- Date: Wed, 31 May 2017 10:43:55 +0200
- Subject: [RFC][PATCH 7/7] malloc: Check the alignment of mmapped chunks before unmapping.
- Authentication-results: sourceware.org; auth=none
- References: <1496220235-12750-1-git-send-email-pistukem@gmail.com>
* malloc/malloc.c (munmap_chunk): Verify chunk alignment.
---
malloc/malloc.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 503d061..f84e51a 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -2799,6 +2799,7 @@ static void
internal_function
munmap_chunk (mchunkptr p)
{
+ size_t pagesize = GLRO (dl_pagesize);
INTERNAL_SIZE_T size = chunksize (p);
assert (chunk_is_mmapped (p));
@@ -2809,13 +2810,15 @@ munmap_chunk (mchunkptr p)
return;
uintptr_t block = (uintptr_t) p - prev_size (p);
+ uintptr_t mem = (uintptr_t) chunk2mem(p);
size_t total_size = prev_size (p) + size;
/* Unfortunately we have to do the compilers job by hand here. Normally
we would test BLOCK and TOTAL-SIZE separately for compliance with the
page size. But gcc does not recognize the optimization possibility
(in the moment at least) so we combine the two values into one before
the bit test. */
- if (__builtin_expect (((block | total_size) & (GLRO (dl_pagesize) - 1)) != 0, 0))
+ if (__glibc_unlikely ((block | total_size) & (pagesize - 1)) != 0
+ || __glibc_unlikely (!powerof2 (mem & (pagesize - 1))))
{
malloc_printerr (check_action, "munmap_chunk(): invalid pointer",
chunk2mem (p), NULL);
--
2.7.4