public inbox for crossgcc@sourceware.org
From: Martin Guy <martinwguy@gmail.com>
To: Crossgcc list <crossgcc@sourceware.org>,
		"Yann E. MORIN" <yann.morin.1998@anciens.enib.fr>
Subject: [CT-NG] [PATCH] Fix memory corruption bug in newlib 1.17,18].0
Date: Tue, 17 Jan 2012 08:58:00 -0000
Message-ID: <CAL4-wQqA5d+rN7i9AtXorJCAGp8QMkJ1Ygo4k1vZTn6LQxtFLw@mail.gmail.com>
In-Reply-To: <CAL4-wQrGDSdrQDhy60+LGx3ExPMEcJyKoS9aRecBKeNrhSzD_Q@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 561 bytes --]

[second attempt, with Signed-off-by: line]

  The attached patch for crosstool-ng adds a patch to newlib 1.17.0 and
1.18.0 to fix a bug in malloc() that corrupts memory either when
sbrk() is called between two calls to malloc() or when a custom sbrk()
returns memory from several discontiguous memory regions (as in this
embedded target with two disjoint memory banks).
  Newlib fixed it in 1.19.0; this back-ports the fix (which is the
same as the difference between dlmalloc 2.6.4 and 2.6.5) to the other
versions present in crosstool-ng.

     M

[-- Attachment #2: crosstool-ng-newlib-update-dlmalloc-to-2.6.5.patch --]
[-- Type: text/x-patch, Size: 3901 bytes --]

This patch adds patches to crosstool-ng to add a patch to newlib-1.1[78].0
that fixes a memory-corruption bug in malloc when sbrk() can return
discontiguous memory regions. This is a back-port of the only change
made between dlmalloc 2.6.4 and dlmalloc 2.6.5.
See diff of ftp://g.oswego.edu/pub/misc/ files malloc-2.6.4.c and malloc-2.6.5.c

It applies to all versions of newlib previous to 1.19.0

Signed-off-by: Martin Guy <martinwguy@gmail.com>

diff -r ce2e1c5365ac patches/newlib/1.17.0/110-update-dlmalloc-to-2.6.5.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/newlib/1.17.0/110-update-dlmalloc-to-2.6.5.patch	Fri Jan 13 04:39:46 2012 +0100
@@ -0,0 +1,34 @@
+--- newlib-1.17.0.orig/newlib/libc/stdlib/mallocr.c	2006-12-18 21:21:48.000000000 +0100
++++ newlib-1.17.0/newlib/libc/stdlib/mallocr.c	2012-01-13 03:39:10.571225907 +0100
+@@ -8,12 +8,17 @@
+   public domain.  Send questions/comments/complaints/performance data
+   to dl@cs.oswego.edu
+ 
+-* VERSION 2.6.4  Thu Nov 28 07:54:55 1996  Doug Lea  (dl at gee)
++* VERSION 2.6.5  Wed Jun 17 15:55:16 1998  Doug Lea  (dl at gee)
+   
+    Note: There may be an updated version of this malloc obtainable at
+            ftp://g.oswego.edu/pub/misc/malloc.c
+          Check before installing!
+ 
++   Note: This version differs from 2.6.4 only by correcting a
++         statement ordering error that could cause failures only
++         when calls to this malloc are interposed with calls to
++         other memory allocators.
++
+ * Why use this malloc?
+ 
+   This is not the fastest, most space-conserving, most portable, or
+@@ -2223,11 +2228,11 @@
+ 
+       /* Also keep size a multiple of MALLOC_ALIGNMENT */
+       old_top_size = (old_top_size - 3*SIZE_SZ) & ~MALLOC_ALIGN_MASK;
++      set_head_size(old_top, old_top_size);
+       chunk_at_offset(old_top, old_top_size          )->size =
+         SIZE_SZ|PREV_INUSE;
+       chunk_at_offset(old_top, old_top_size + SIZE_SZ)->size =
+         SIZE_SZ|PREV_INUSE;
+-      set_head_size(old_top, old_top_size);
+       /* If possible, release the rest. */
+       if (old_top_size >= MINSIZE) 
+         fREe(RCALL chunk2mem(old_top));
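
Review bot: Missing documentation in the added 1.17.0/110-update-dlmalloc-to-2.6.5.patch: the file begins directly at its ---/+++ header with no description, and in its second hunk (@@ -2223,11 +2228,11 @@) the moved set_head_size(old_top, old_top_size); has no comment saying why it must run before the two fencepost stores. The only explanation is the "statement ordering error" note added to the version banner, over two thousand lines away from the statement it refers to. Suggest a short header in the patch file naming the source of the change (dlmalloc 2.6.4 to 2.6.5, fixed in newlib 1.19.0) and a one-line comment at the moved statement. If the masking line above can leave old_top_size at 0, chunk_at_offset(old_top, old_top_size) addresses old_top's own size field, so the order of these stores decides which value survives; saying so in the comment would keep a later cleanup from moving the line back.
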
diff -r ce2e1c5365ac patches/newlib/1.18.0/110-update-dlmalloc-to-2.6.5.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/newlib/1.18.0/110-update-dlmalloc-to-2.6.5.patch	Fri Jan 13 04:39:46 2012 +0100
@@ -0,0 +1,34 @@
+--- newlib-1.18.0.orig/newlib/libc/stdlib/mallocr.c	2006-12-18 21:21:48.000000000 +0100
++++ newlib-1.18.0/newlib/libc/stdlib/mallocr.c	2012-01-13 03:39:10.571225907 +0100
+@@ -8,12 +8,17 @@
+   public domain.  Send questions/comments/complaints/performance data
+   to dl@cs.oswego.edu
+ 
+-* VERSION 2.6.4  Thu Nov 28 07:54:55 1996  Doug Lea  (dl at gee)
++* VERSION 2.6.5  Wed Jun 17 15:55:16 1998  Doug Lea  (dl at gee)
+   
+    Note: There may be an updated version of this malloc obtainable at
+            ftp://g.oswego.edu/pub/misc/malloc.c
+          Check before installing!
+ 
++   Note: This version differs from 2.6.4 only by correcting a
++         statement ordering error that could cause failures only
++         when calls to this malloc are interposed with calls to
++         other memory allocators.
++
+ * Why use this malloc?
+ 
+   This is not the fastest, most space-conserving, most portable, or
+@@ -2223,11 +2228,11 @@
+ 
+       /* Also keep size a multiple of MALLOC_ALIGNMENT */
+       old_top_size = (old_top_size - 3*SIZE_SZ) & ~MALLOC_ALIGN_MASK;
++      set_head_size(old_top, old_top_size);
+       chunk_at_offset(old_top, old_top_size          )->size =
+         SIZE_SZ|PREV_INUSE;
+       chunk_at_offset(old_top, old_top_size + SIZE_SZ)->size =
+         SIZE_SZ|PREV_INUSE;
+-      set_head_size(old_top, old_top_size);
+       /* If possible, release the rest. */
+       if (old_top_size >= MINSIZE) 
+         fREe(RCALL chunk2mem(old_top));
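
Review bot: The inner header of this 1.18.0 copy carries the same timestamps as the 1.17.0 one (2006-12-18 21:21:48 for the .orig file, 2012-01-13 03:39:10.571225907 for the new one) and the same hunk positions (@@ -8,12 +8,17 @@ and @@ -2223,11 +2228,11 @@), which suggests it was made by renaming the paths in the 1.17.0 patch rather than by diffing a 1.18.0 tree. Please confirm that it applies to the newlib 1.18.0 mallocr.c without offset or fuzz, or regenerate it against 1.18.0 so that the line numbers and dates are its own.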
