* [PATCH] Fix memory corruption bug in newlib 1.17,18].0
From: Martin Guy @ 2012-01-13 3:47 UTC (permalink / raw)
To: crossgcc list
[-- Attachment #1: Type: text/plain, Size: 512 bytes --]
Hi all
The attached patch for crosstool adds a patch to newlib 1.17.0 and
1.18.0 to fix a bug in malloc() that corrupts memory either when
sbrk() is called between two calls to malloc() or when a custom sbrk()
returns memory from several discontiguous memory regions (as in this
embedded target with two disjoint memory banks).
Newlib fixed it in 1.19.0; this back-ports the fix (which is the
same as the difference between dlmalloc 2.6.4 and 2.6.5) to the other
versions present in crosstool-ng.
M
[-- Attachment #2: crosstool-ng-newlib-update-dlmalloc-to-2.6.5.patch --]
[-- Type: text/x-patch, Size: 3849 bytes --]
Add a patch to crosstool-ng to add a patch to newlib-1.17.0 that
fixes a memory-corruption bug in malloc when sbrk() can return
discontiguous memory regions.
This is the same as the change between dlmalloc 2.6.4 and dlmalloc 2.6.5.
See ftp://g.oswego.edu/pub/misc/ files malloc-2.6.4.c and malloc-2.6.5.c
It applies to all versions of newlib previous to 1.19.0 (when they made the
same change).
diff -r ce2e1c5365ac patches/newlib/1.17.0/110-update-dlmalloc-to-2.6.5.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/newlib/1.17.0/110-update-dlmalloc-to-2.6.5.patch Fri Jan 13 04:39:46 2012 +0100
@@ -0,0 +1,34 @@
+--- newlib-1.17.0.orig/newlib/libc/stdlib/mallocr.c 2006-12-18 21:21:48.000000000 +0100
++++ newlib-1.17.0/newlib/libc/stdlib/mallocr.c 2012-01-13 03:39:10.571225907 +0100
+@@ -8,12 +8,17 @@
+ public domain. Send questions/comments/complaints/performance data
+ to dl@cs.oswego.edu
+
+-* VERSION 2.6.4 Thu Nov 28 07:54:55 1996 Doug Lea (dl at gee)
++* VERSION 2.6.5 Wed Jun 17 15:55:16 1998 Doug Lea (dl at gee)
+
+ Note: There may be an updated version of this malloc obtainable at
+ ftp://g.oswego.edu/pub/misc/malloc.c
+ Check before installing!
+
++ Note: This version differs from 2.6.4 only by correcting a
++ statement ordering error that could cause failures only
++ when calls to this malloc are interposed with calls to
++ other memory allocators.
++
+ * Why use this malloc?
+
+ This is not the fastest, most space-conserving, most portable, or
+@@ -2223,11 +2228,11 @@
+
+ /* Also keep size a multiple of MALLOC_ALIGNMENT */
+ old_top_size = (old_top_size - 3*SIZE_SZ) & ~MALLOC_ALIGN_MASK;
++ set_head_size(old_top, old_top_size);
+ chunk_at_offset(old_top, old_top_size )->size =
+ SIZE_SZ|PREV_INUSE;
+ chunk_at_offset(old_top, old_top_size + SIZE_SZ)->size =
+ SIZE_SZ|PREV_INUSE;
+- set_head_size(old_top, old_top_size);
+ /* If possible, release the rest. */
+ if (old_top_size >= MINSIZE)
+ fREe(RCALL chunk2mem(old_top));
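Review bot: the new file 110-update-dlmalloc-to-2.6.5.patch begins directly at its "--- newlib-1.17.0.orig/newlib/libc/stdlib/mallocr.c" header with no description of its own, so once it is in the tree nothing in the file records where the change comes from. Consider putting a few lines above that header saying that it is the dlmalloc 2.6.4 to 2.6.5 change and that newlib 1.19.0 already contains it, so that anyone adding a later newlib version knows the patch can be dropped without searching the list archive.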
diff -r ce2e1c5365ac patches/newlib/1.18.0/110-update-dlmalloc-to-2.6.5.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/newlib/1.18.0/110-update-dlmalloc-to-2.6.5.patch Fri Jan 13 04:39:46 2012 +0100
@@ -0,0 +1,34 @@
+--- newlib-1.18.0.orig/newlib/libc/stdlib/mallocr.c 2006-12-18 21:21:48.000000000 +0100
++++ newlib-1.18.0/newlib/libc/stdlib/mallocr.c 2012-01-13 03:39:10.571225907 +0100
+@@ -8,12 +8,17 @@
+ public domain. Send questions/comments/complaints/performance data
+ to dl@cs.oswego.edu
+
+-* VERSION 2.6.4 Thu Nov 28 07:54:55 1996 Doug Lea (dl at gee)
++* VERSION 2.6.5 Wed Jun 17 15:55:16 1998 Doug Lea (dl at gee)
+
+ Note: There may be an updated version of this malloc obtainable at
+ ftp://g.oswego.edu/pub/misc/malloc.c
+ Check before installing!
+
++ Note: This version differs from 2.6.4 only by correcting a
++ statement ordering error that could cause failures only
++ when calls to this malloc are interposed with calls to
++ other memory allocators.
++
+ * Why use this malloc?
+
+ This is not the fastest, most space-conserving, most portable, or
+@@ -2223,11 +2228,11 @@
+
+ /* Also keep size a multiple of MALLOC_ALIGNMENT */
+ old_top_size = (old_top_size - 3*SIZE_SZ) & ~MALLOC_ALIGN_MASK;
++ set_head_size(old_top, old_top_size);
+ chunk_at_offset(old_top, old_top_size )->size =
+ SIZE_SZ|PREV_INUSE;
+ chunk_at_offset(old_top, old_top_size + SIZE_SZ)->size =
+ SIZE_SZ|PREV_INUSE;
+- set_head_size(old_top, old_top_size);
+ /* If possible, release the rest. */
+ if (old_top_size >= MINSIZE)
+ fREe(RCALL chunk2mem(old_top));
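Review bot: the 1.18.0 copy carries the same header timestamps (2006-12-18 21:21:48 and 2012-01-13 03:39:10.571225907) and the same offsets (@@ -8,12 +8,17 and @@ -2223,11 +2228,11) as the 1.17.0 copy, which suggests it was made by renaming the paths rather than by diffing a 1.18.0 tree. Please confirm that it applies to the mallocr.c shipped in newlib 1.18.0 without offset or fuzz, or regenerate it against that version.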
[-- Attachment #3: Type: text/plain, Size: 71 bytes --]
--
For unsubscribe information see http://sourceware.org/lists.html#faq
* [CT-NG] [PATCH] Fix memory corruption bug in newlib 1.17,18].0
From: Martin Guy @ 2012-01-17 8:58 UTC (permalink / raw)
To: Crossgcc list, Yann E. MORIN
[-- Attachment #1: Type: text/plain, Size: 561 bytes --]
[second attempt, with Signed-off-by: line]
The attached patch for crosstool-ng adds a patch to newlib 1.17.0 and
1.18.0 to fix a bug in malloc() that corrupts memory either when
sbrk() is called between two calls to malloc() or when a custom sbrk()
returns memory from several discontiguous memory regions (as in this
embedded target with two disjoint memory banks).
Newlib fixed it in 1.19.0; this back-ports the fix (which is the
same as the difference between dlmalloc 2.6.4 and 2.6.5) to the other
versions present in crosstool-ng.
M
[-- Attachment #2: crosstool-ng-newlib-update-dlmalloc-to-2.6.5.patch --]
[-- Type: text/x-patch, Size: 3901 bytes --]
This patch adds patches to crosstool-ng to add a patch to newlib-1.1[78].0
that fixes a memory-corruption bug in malloc when sbrk() can return
discontiguous memory regions. This is a back-port of the only change
made between dlmalloc 2.6.4 and dlmalloc 2.6.5.
See diff of ftp://g.oswego.edu/pub/misc/ files malloc-2.6.4.c and malloc-2.6.5.c
It applies to all versions of newlib previous to 1.19.0.
Signed-off-by: Martin Guy <martinwguy@gmail.com>
diff -r ce2e1c5365ac patches/newlib/1.17.0/110-update-dlmalloc-to-2.6.5.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/newlib/1.17.0/110-update-dlmalloc-to-2.6.5.patch Fri Jan 13 04:39:46 2012 +0100
@@ -0,0 +1,34 @@
+--- newlib-1.17.0.orig/newlib/libc/stdlib/mallocr.c 2006-12-18 21:21:48.000000000 +0100
++++ newlib-1.17.0/newlib/libc/stdlib/mallocr.c 2012-01-13 03:39:10.571225907 +0100
+@@ -8,12 +8,17 @@
+ public domain. Send questions/comments/complaints/performance data
+ to dl@cs.oswego.edu
+
+-* VERSION 2.6.4 Thu Nov 28 07:54:55 1996 Doug Lea (dl at gee)
++* VERSION 2.6.5 Wed Jun 17 15:55:16 1998 Doug Lea (dl at gee)
+
+ Note: There may be an updated version of this malloc obtainable at
+ ftp://g.oswego.edu/pub/misc/malloc.c
+ Check before installing!
+
++ Note: This version differs from 2.6.4 only by correcting a
++ statement ordering error that could cause failures only
++ when calls to this malloc are interposed with calls to
++ other memory allocators.
++
+ * Why use this malloc?
+
+ This is not the fastest, most space-conserving, most portable, or
+@@ -2223,11 +2228,11 @@
+
+ /* Also keep size a multiple of MALLOC_ALIGNMENT */
+ old_top_size = (old_top_size - 3*SIZE_SZ) & ~MALLOC_ALIGN_MASK;
++ set_head_size(old_top, old_top_size);
+ chunk_at_offset(old_top, old_top_size )->size =
+ SIZE_SZ|PREV_INUSE;
+ chunk_at_offset(old_top, old_top_size + SIZE_SZ)->size =
+ SIZE_SZ|PREV_INUSE;
+- set_head_size(old_top, old_top_size);
+ /* If possible, release the rest. */
+ if (old_top_size >= MINSIZE)
+ fREe(RCALL chunk2mem(old_top));
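Review bot: in the hunk at 2228 the only functional change is moving set_head_size(old_top, old_top_size) ahead of the two fencepost stores, and neither the code nor the added banner note says why that order is required. A one-line comment at the moved statement, or a sentence in the patch description naming the case in which the order changes the result, would keep a later cleanup from swapping the statements back.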
diff -r ce2e1c5365ac patches/newlib/1.18.0/110-update-dlmalloc-to-2.6.5.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/newlib/1.18.0/110-update-dlmalloc-to-2.6.5.patch Fri Jan 13 04:39:46 2012 +0100
@@ -0,0 +1,34 @@
+--- newlib-1.18.0.orig/newlib/libc/stdlib/mallocr.c 2006-12-18 21:21:48.000000000 +0100
++++ newlib-1.18.0/newlib/libc/stdlib/mallocr.c 2012-01-13 03:39:10.571225907 +0100
+@@ -8,12 +8,17 @@
+ public domain. Send questions/comments/complaints/performance data
+ to dl@cs.oswego.edu
+
+-* VERSION 2.6.4 Thu Nov 28 07:54:55 1996 Doug Lea (dl at gee)
++* VERSION 2.6.5 Wed Jun 17 15:55:16 1998 Doug Lea (dl at gee)
+
+ Note: There may be an updated version of this malloc obtainable at
+ ftp://g.oswego.edu/pub/misc/malloc.c
+ Check before installing!
+
++ Note: This version differs from 2.6.4 only by correcting a
++ statement ordering error that could cause failures only
++ when calls to this malloc are interposed with calls to
++ other memory allocators.
++
+ * Why use this malloc?
+
+ This is not the fastest, most space-conserving, most portable, or
+@@ -2223,11 +2228,11 @@
+
+ /* Also keep size a multiple of MALLOC_ALIGNMENT */
+ old_top_size = (old_top_size - 3*SIZE_SZ) & ~MALLOC_ALIGN_MASK;
++ set_head_size(old_top, old_top_size);
+ chunk_at_offset(old_top, old_top_size )->size =
+ SIZE_SZ|PREV_INUSE;
+ chunk_at_offset(old_top, old_top_size + SIZE_SZ)->size =
+ SIZE_SZ|PREV_INUSE;
+- set_head_size(old_top, old_top_size);
+ /* If possible, release the rest. */
+ if (old_top_size >= MINSIZE)
+ fREe(RCALL chunk2mem(old_top));
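Review bot: the Note added in the hunk at line 8 describes the failure as happening when calls to this malloc are interposed with calls to other memory allocators, while the patch description above the diff mentions only sbrk() returning discontiguous memory regions. The covering mail lists both triggers, so the description should as well; otherwise a user who only calls sbrk() between two malloc() calls cannot tell from the changelog that this fix concerns them.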
[-- Attachment #3: Type: text/plain, Size: 71 bytes --]
--
For unsubscribe information see http://sourceware.org/lists.html#faq
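The statement reordering in the patch above, modelled as an added example (not code from the post or from newlib): the chunk layout and macro definitions are written in the style of dlmalloc 2.6.x and are assumptions here, as are `first_fencepost` and the scratch arena. It shows one case in which the order matters: an old top of exactly MINSIZE trims to size 0, so the first fencepost lands on old_top's own header and the late `set_head_size` overwrites it.

```c
#include <stdio.h>
#include <string.h>

/* Chunk layout and macros written here in the style of dlmalloc 2.6.x;
   they are assumptions of this example, the page shows only their uses. */
typedef struct chunk { size_t prev_size, size; struct chunk *fd, *bk; } chunk;
#define SIZE_SZ               (sizeof(size_t))
#define MALLOC_ALIGN_MASK     (2 * SIZE_SZ - 1)
#define MINSIZE               (sizeof(chunk))
#define PREV_INUSE            ((size_t)1)
#define chunk_at_offset(p, s) ((chunk *)((char *)(p) + (s)))
#define set_head_size(p, s)   ((p)->size = (((p)->size & PREV_INUSE) | (s)))

/* Fence off an old top chunk of top_size bytes using the 2.6.4 statement
   order (fixed_order == 0) or the 2.6.5 order (fixed_order != 0), and
   return the size word left in the first fencepost. */
size_t first_fencepost(size_t top_size, int fixed_order)
{
    size_t arena[16];                      /* constructed scratch heap */
    chunk *old_top = (chunk *)arena;
    size_t old_top_size;

    memset(arena, 0, sizeof arena);
    old_top->size = top_size | PREV_INUSE;

    old_top_size = (top_size - 3 * SIZE_SZ) & ~MALLOC_ALIGN_MASK;
    if (fixed_order)
        set_head_size(old_top, old_top_size);
    chunk_at_offset(old_top, old_top_size)->size = SIZE_SZ | PREV_INUSE;
    chunk_at_offset(old_top, old_top_size + SIZE_SZ)->size = SIZE_SZ | PREV_INUSE;
    if (!fixed_order)
        set_head_size(old_top, old_top_size);   /* 2.6.4: runs last */
    return chunk_at_offset(old_top, old_top_size)->size;
}

int main(void)
{
    /* With top_size == MINSIZE the trimmed size is 0, so the first
       fencepost and old_top share one header word. */
    printf("2.6.4 order: %#zx\n", first_fencepost(MINSIZE, 0));
    printf("2.6.5 order: %#zx\n", first_fencepost(MINSIZE, 1));
    printf("larger top:  %#zx\n", first_fencepost(2 * MINSIZE, 0));
    return 0;
}
```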