From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 7426 invoked by alias); 5 Jan 2014 02:19:44 -0000 Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-owner@sourceware.org Received: (qmail 7352 invoked by uid 55); 5 Jan 2014 02:19:40 -0000 From: "cvs-commit at gcc dot gnu.org" To: glibc-bugs@sourceware.org Subject: [Bug malloc/15073] Race condition using ATOMIC_FASTBINS in _int_free causes crash or heap corruption Date: Sun, 05 Jan 2014 02:19:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: malloc X-Bugzilla-Version: 2.15 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: REOPENED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2014-01/txt/msg00040.txt.bz2 http://sourceware.org/bugzilla/show_bug.cgi?id=15073 --- Comment #20 from cvs-commit at gcc dot gnu.org --- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, release/2.18/master has been updated via 8b43a2274a593ce91e673db1cfac6e808134bc84 (commit) from ca0dd6386ed2b5c5c6ca392547628a1228432ae0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8b43a2274a593ce91e673db1cfac6e808134bc84 commit 8b43a2274a593ce91e673db1cfac6e808134bc84 Author: Maxim Kuvyrkov Date: Tue Dec 24 09:44:50 2013 +1300 Fix race in free() of fastbin chunk: BZ #15073 Perform sanity check only if we have_lock. Due to lockless nature of fastbins we need to be careful derefencing pointers to fastbin entries (chunksize(old) in this case) in multithreaded environments. The fix is to add have_lock to the if-condition checks. The rest of the patch only makes code more readable. * malloc/malloc.c (_int_free): Perform sanity check only if we have_lock. Conflicts: ChangeLog NEWS ----------------------------------------------------------------------- Summary of changes: ChangeLog | 7 +++++++ NEWS | 2 +- malloc/malloc.c | 20 ++++++++++++-------- 3 files changed, 20 insertions(+), 9 deletions(-) -- You are receiving this mail because: You are on the CC list for the bug.