From: Martin Guy <martinwguy@gmail.com>
To: Crossgcc list <crossgcc@sourceware.org>,
"Yann E. MORIN" <yann.morin.1998@anciens.enib.fr>
Subject: [CT-NG] [PATCH] Fix memory corruption bug in newlib 1.17,18].0
Date: Tue, 17 Jan 2012 08:58:00 -0000
Message-ID: <CAL4-wQqA5d+rN7i9AtXorJCAGp8QMkJ1Ygo4k1vZTn6LQxtFLw@mail.gmail.com>
In-Reply-To: <CAL4-wQrGDSdrQDhy60+LGx3ExPMEcJyKoS9aRecBKeNrhSzD_Q@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 561 bytes --]
[second attempt, with Signed-off-by: line]

The attached patch for crosstool-ng adds a patch to newlib 1.17.0 and
1.18.0 to fix a bug in malloc() that corrupts memory either when
sbrk() is called between two calls to malloc() or when a custom sbrk()
returns memory from several discontiguous memory regions (as in this
embedded target with two disjoint memory banks).

Newlib fixed it in 1.19.0; this back-ports the fix (which is the
same as the difference between dlmalloc 2.6.4 and 2.6.5) to the other
versions present in crosstool-ng.

M
[-- Attachment #2: crosstool-ng-newlib-update-dlmalloc-to-2.6.5.patch --]
[-- Type: text/x-patch, Size: 3901 bytes --]
This patch adds patches to crosstool-ng to add a patch to newlib-1.1[78].0
that fixes a memory-corruption bug in malloc when sbrk() can return
discontiguous memory regions. This is a back-port of the only change
made between dlmalloc 2.6.4 and dlmalloc 2.6.5.
See diff of ftp://g.oswego.edu/pub/misc/ files malloc-2.6.4.c and malloc-2.6.5.c
It applies to all versions of newlib previous to 1.19.0
Signed-off-by: Martin Guy <martinwguy@gmail.com>
diff -r ce2e1c5365ac patches/newlib/1.17.0/110-update-dlmalloc-to-2.6.5.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/newlib/1.17.0/110-update-dlmalloc-to-2.6.5.patch Fri Jan 13 04:39:46 2012 +0100
@@ -0,0 +1,34 @@
+--- newlib-1.17.0.orig/newlib/libc/stdlib/mallocr.c 2006-12-18 21:21:48.000000000 +0100
++++ newlib-1.17.0/newlib/libc/stdlib/mallocr.c 2012-01-13 03:39:10.571225907 +0100
+@@ -8,12 +8,17 @@
+ public domain. Send questions/comments/complaints/performance data
+ to dl@cs.oswego.edu
+
+-* VERSION 2.6.4 Thu Nov 28 07:54:55 1996 Doug Lea (dl at gee)
++* VERSION 2.6.5 Wed Jun 17 15:55:16 1998 Doug Lea (dl at gee)
+
+ Note: There may be an updated version of this malloc obtainable at
+ ftp://g.oswego.edu/pub/misc/malloc.c
+ Check before installing!
+
++ Note: This version differs from 2.6.4 only by correcting a
++ statement ordering error that could cause failures only
++ when calls to this malloc are interposed with calls to
++ other memory allocators.
++
+ * Why use this malloc?
+
+ This is not the fastest, most space-conserving, most portable, or
+@@ -2223,11 +2228,11 @@
+
+ /* Also keep size a multiple of MALLOC_ALIGNMENT */
+ old_top_size = (old_top_size - 3*SIZE_SZ) & ~MALLOC_ALIGN_MASK;
++ set_head_size(old_top, old_top_size);
+ chunk_at_offset(old_top, old_top_size )->size =
+ SIZE_SZ|PREV_INUSE;
+ chunk_at_offset(old_top, old_top_size + SIZE_SZ)->size =
+ SIZE_SZ|PREV_INUSE;
+- set_head_size(old_top, old_top_size);
+ /* If possible, release the rest. */
+ if (old_top_size >= MINSIZE)
+ fREe(RCALL chunk2mem(old_top));
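Review bot: the reordering in the inner `@@ -2223,11 +2228,11 @@` hunk carries no comment saying why `set_head_size(old_top, old_top_size)` has to run before the two `chunk_at_offset(...)->size` stores, so nothing in mallocr.c stops a later cleanup from moving it back. The version note added at the top of the file only says "a statement ordering error" without naming the statement. Suggest a one-line comment above the moved call stating the ordering requirement, and a short description at the top of the new patch file (it starts directly at the `---` line) pointing to the dlmalloc 2.6.4 to 2.6.5 diff mentioned in the commit message.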
diff -r ce2e1c5365ac patches/newlib/1.18.0/110-update-dlmalloc-to-2.6.5.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/newlib/1.18.0/110-update-dlmalloc-to-2.6.5.patch Fri Jan 13 04:39:46 2012 +0100
@@ -0,0 +1,34 @@
+--- newlib-1.18.0.orig/newlib/libc/stdlib/mallocr.c 2006-12-18 21:21:48.000000000 +0100
++++ newlib-1.18.0/newlib/libc/stdlib/mallocr.c 2012-01-13 03:39:10.571225907 +0100
+@@ -8,12 +8,17 @@
+ public domain. Send questions/comments/complaints/performance data
+ to dl@cs.oswego.edu
+
+-* VERSION 2.6.4 Thu Nov 28 07:54:55 1996 Doug Lea (dl at gee)
++* VERSION 2.6.5 Wed Jun 17 15:55:16 1998 Doug Lea (dl at gee)
+
+ Note: There may be an updated version of this malloc obtainable at
+ ftp://g.oswego.edu/pub/misc/malloc.c
+ Check before installing!
+
++ Note: This version differs from 2.6.4 only by correcting a
++ statement ordering error that could cause failures only
++ when calls to this malloc are interposed with calls to
++ other memory allocators.
++
+ * Why use this malloc?
+
+ This is not the fastest, most space-conserving, most portable, or
+@@ -2223,11 +2228,11 @@
+
+ /* Also keep size a multiple of MALLOC_ALIGNMENT */
+ old_top_size = (old_top_size - 3*SIZE_SZ) & ~MALLOC_ALIGN_MASK;
++ set_head_size(old_top, old_top_size);
+ chunk_at_offset(old_top, old_top_size )->size =
+ SIZE_SZ|PREV_INUSE;
+ chunk_at_offset(old_top, old_top_size + SIZE_SZ)->size =
+ SIZE_SZ|PREV_INUSE;
+- set_head_size(old_top, old_top_size);
+ /* If possible, release the rest. */
+ if (old_top_size >= MINSIZE)
+ fREe(RCALL chunk2mem(old_top));
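Review bot: the inner file headers here are identical to the 1.17.0 copy except for the directory name, including both timestamps (2006-12-18 21:21:48 and 2012-01-13 03:39:10.571225907) and the `@@ -2223,11 +2228,11 @@` offsets, which suggests this file was produced by renaming rather than by diffing a 1.18.0 tree. Please confirm it applies to newlib-1.18.0 without offset or fuzz, or regenerate it against that version so the headers and line numbers reflect the file actually being patched.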