public inbox for glibc-cvs@sourceware.org
* [glibc/nsz/mtag] malloc: Fix a potential realloc issue with memory tagging
@ 2021-03-11 17:38 Szabolcs Nagy
From: Szabolcs Nagy @ 2021-03-11 17:38 UTC
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ce3bbe19aef9d215a6f854233dc9cde921ea0c3a
commit ce3bbe19aef9d215a6f854233dc9cde921ea0c3a
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date: Thu Mar 11 14:09:56 2021 +0000
malloc: Fix a potential realloc issue with memory tagging
At an _int_free call site in realloc the wrong size was used for tag
clearing: the chunk header of the next chunk was also cleared which
in practice may work, but is logically wrong.
The tag clearing is moved before the memcpy to save a tag computation,
this avoids a chunk2mem. Another chunk2mem is removed because newmem
does not have to be recomputed. Whitespaces got fixed too.
Diff:
---
malloc/malloc.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 8f8f12c276..51cec67e55 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4851,14 +4851,14 @@ _int_realloc(mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize,
}
else
{
- void *oldmem = chunk2mem (oldp);
+ void *oldmem = chunk2rawmem (oldp);
+ size_t sz = CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ;
+ (void) TAG_REGION (oldmem, sz);
newmem = TAG_NEW_USABLE (newmem);
- memcpy (newmem, oldmem,
- CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ);
- (void) TAG_REGION (chunk2rawmem (oldp), oldsize);
- _int_free (av, oldp, 1);
- check_inuse_chunk (av, newp);
- return chunk2mem (newp);
+ memcpy (newmem, oldmem, sz);
+ _int_free (av, oldp, 1);
+ check_inuse_chunk (av, newp);
+ return newmem;
}
}
}
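Review bot: the order of the two added calls, (void) TAG_REGION (oldmem, sz); ahead of memcpy (newmem, oldmem, sz);, is only correct because oldmem is now taken from chunk2rawmem (oldp) rather than chunk2mem (oldp), and the code does not say so. The copy reads the old block through the raw pointer after its tags have been cleared, so restoring chunk2mem here or swapping the two calls back would make the read go through a pointer whose tag no longer matches the memory. A short comment above the TAG_REGION line stating that the old block is retagged first so that the copy can use the raw pointer would protect this from a later cleanup.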
* [glibc/nsz/mtag] malloc: Fix a potential realloc issue with memory tagging
@ 2021-03-19 11:56 Szabolcs Nagy
From: Szabolcs Nagy @ 2021-03-19 11:56 UTC
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=83efe3b3d2aa419f6a45828de9c38341acbf8ac3
commit 83efe3b3d2aa419f6a45828de9c38341acbf8ac3
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date: Thu Mar 11 14:09:56 2021 +0000
malloc: Fix a potential realloc issue with memory tagging
At an _int_free call site in realloc the wrong size was used for tag
clearing: the chunk header of the next chunk was also cleared which
in practice may work, but is logically wrong.
The tag clearing is moved before the memcpy to save a tag computation,
this avoids a chunk2mem. Another chunk2mem is removed because newmem
does not have to be recomputed. Whitespaces got fixed too.
Diff:
---
malloc/malloc.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 8f8f12c276..51cec67e55 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4851,14 +4851,14 @@ _int_realloc(mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize,
}
else
{
- void *oldmem = chunk2mem (oldp);
+ void *oldmem = chunk2rawmem (oldp);
+ size_t sz = CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ;
+ (void) TAG_REGION (oldmem, sz);
newmem = TAG_NEW_USABLE (newmem);
- memcpy (newmem, oldmem,
- CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ);
- (void) TAG_REGION (chunk2rawmem (oldp), oldsize);
- _int_free (av, oldp, 1);
- check_inuse_chunk (av, newp);
- return chunk2mem (newp);
+ memcpy (newmem, oldmem, sz);
+ _int_free (av, oldp, 1);
+ check_inuse_chunk (av, newp);
+ return newmem;
}
}
}
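Review bot: the added declaration size_t sz = CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ; uses size_t while the function signature in the hunk header takes the chunk size as INTERNAL_SIZE_T oldsize; using INTERNAL_SIZE_T for sz would keep the chunk arithmetic in one type. Since the commit message identifies oldsize as the wrong length for tag clearing because it also covers the next chunk's header, it is also worth a comment at the sz declaration saying that sz is the user-visible payload only and that oldsize must not be substituted for it, as oldsize is still in scope and looks like the natural argument.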
* [glibc/nsz/mtag] malloc: Fix a potential realloc issue with memory tagging
@ 2021-03-11 17:40 Szabolcs Nagy
From: Szabolcs Nagy @ 2021-03-11 17:40 UTC
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ce3bbe19aef9d215a6f854233dc9cde921ea0c3a
commit ce3bbe19aef9d215a6f854233dc9cde921ea0c3a
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date: Thu Mar 11 14:09:56 2021 +0000
malloc: Fix a potential realloc issue with memory tagging
At an _int_free call site in realloc the wrong size was used for tag
clearing: the chunk header of the next chunk was also cleared which
in practice may work, but is logically wrong.
The tag clearing is moved before the memcpy to save a tag computation,
this avoids a chunk2mem. Another chunk2mem is removed because newmem
does not have to be recomputed. Whitespaces got fixed too.
Diff:
---
malloc/malloc.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 8f8f12c276..51cec67e55 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4851,14 +4851,14 @@ _int_realloc(mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize,
}
else
{
- void *oldmem = chunk2mem (oldp);
+ void *oldmem = chunk2rawmem (oldp);
+ size_t sz = CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ;
+ (void) TAG_REGION (oldmem, sz);
newmem = TAG_NEW_USABLE (newmem);
- memcpy (newmem, oldmem,
- CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ);
- (void) TAG_REGION (chunk2rawmem (oldp), oldsize);
- _int_free (av, oldp, 1);
- check_inuse_chunk (av, newp);
- return chunk2mem (newp);
+ memcpy (newmem, oldmem, sz);
+ _int_free (av, oldp, 1);
+ check_inuse_chunk (av, newp);
+ return newmem;
}
}
}
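Review bot: the _int_free (av, oldp, 1); and check_inuse_chunk (av, newp); lines are removed and re-added with only whitespace differences in the same hunk as the functional fix, which makes the three real changes (the length passed to TAG_REGION, its move ahead of memcpy, and return newmem;) harder to pick out and to backport. Suggest splitting the whitespace cleanup into its own commit. On return newmem;: the value returned is now the result of TAG_NEW_USABLE (newmem) rather than a fresh chunk2mem (newp), so the function depends on newmem still referring to newp's user memory at this point; the assignment that establishes that is outside the hunk and should be checked when reviewing.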