From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 1844 invoked by alias); 23 Dec 2013 21:07:36 -0000 Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-owner@sourceware.org Received: (qmail 1390 invoked by uid 55); 23 Dec 2013 21:07:30 -0000 From: "cvs-commit at gcc dot gnu.org" To: glibc-bugs@sourceware.org Subject: [Bug malloc/15073] Race condition using ATOMIC_FASTBINS in _int_free causes crash or heap corruption Date: Mon, 23 Dec 2013 21:07:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: malloc X-Bugzilla-Version: 2.15 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: cvs-commit at gcc dot gnu.org X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2013-12/txt/msg00204.txt.bz2 http://sourceware.org/bugzilla/show_bug.cgi?id=15073 --- Comment #9 from cvs-commit at gcc dot gnu.org --- This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, master has been updated via abc26e998f74750850cc02f9c249ee794cbdd8e8 (commit) via 362b47fe09ca9a928d444c7e2f7992f7f61bfc3e (commit) from b9bcbbcbe7afa94442d335811d4a1c1e0c0a1daf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=abc26e998f74750850cc02f9c249ee794cbdd8e8 commit abc26e998f74750850cc02f9c249ee794cbdd8e8 Author: Maxim Kuvyrkov Date: Tue Dec 24 09:55:03 2013 +1300 Restore accidentally deleted bug-fix entries in NEWS. * NEWS: Restore accidentally deleted bug-fix entries. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=362b47fe09ca9a928d444c7e2f7992f7f61bfc3e commit 362b47fe09ca9a928d444c7e2f7992f7f61bfc3e Author: Maxim Kuvyrkov Date: Tue Dec 24 09:44:50 2013 +1300 Fix race in free() of fastbin chunk: BZ #15073 Perform sanity check only if we have_lock. Due to lockless nature of fastbins we need to be careful derefencing pointers to fastbin entries (chunksize(old) in this case) in multithreaded environments. The fix is to add have_lock to the if-condition checks. The rest of the patch only makes code more readable. * malloc/malloc.c (_int_free): Perform sanity check only if we have_lock. ----------------------------------------------------------------------- Summary of changes: ChangeLog | 11 +++++++++++ NEWS | 23 ++++++++++++----------- malloc/malloc.c | 20 ++++++++++++-------- 3 files changed, 35 insertions(+), 19 deletions(-) -- You are receiving this mail because: You are on the CC list for the bug.