From: Istvan Kurucsai To: libc-alpha@sourceware.org Cc: Istvan Kurucsai Subject: [PATCH v2 6/7] malloc: Add more integrity checks to mremap_chunk. Date: Tue, 07 Nov 2017 15:27:00 -0000 Message-Id: <1510068430-27816-7-git-send-email-pistukem@gmail.com> In-Reply-To: <1510068430-27816-1-git-send-email-pistukem@gmail.com> References: <1510068430-27816-1-git-send-email-pistukem@gmail.com> X-SW-Source: 2017-11/txt/msg00234.txt.bz2 Similarly to the ones in munmap_chunk, ensure that the mapped region begins at a page boundary, that the size is page-aligned and that the offset of the chunk into its page is a power of 2. * malloc/malloc.c (mremap_chunk): Additional checks. --- malloc/malloc.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/malloc/malloc.c b/malloc/malloc.c index 5eb661e..1a2ba04 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -2858,16 +2858,22 @@ mremap_chunk (mchunkptr p, size_t new_size) char *cp; assert (chunk_is_mmapped (p)); - assert (((size + offset) & (GLRO (dl_pagesize) - 1)) == 0); + + uintptr_t block = (uintptr_t) p - offset; + uintptr_t mem = (uintptr_t) chunk2mem(p); + size_t total_size = offset + size; + if (__glibc_unlikely ((block | total_size) & (pagesize - 1)) != 0 + || __glibc_unlikely (!powerof2 (mem & (pagesize - 1)))) + malloc_printerr("mremap_chunk(): invalid pointer"); /* Note the extra SIZE_SZ overhead as in mmap_chunk(). */ new_size = ALIGN_UP (new_size + offset + SIZE_SZ, pagesize); /* No need to remap if the number of pages does not change. */ - if (size + offset == new_size) + if (total_size == new_size) return p; - cp = (char *) __mremap ((char *) p - offset, size + offset, new_size, + cp = (char *) __mremap ((char *) block, total_size, new_size, MREMAP_MAYMOVE); if (cp == MAP_FAILED) -- 2.7.4
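Review bot: two of the added lines in the mremap_chunk hunk do not follow the GNU spacing used by the surrounding code: `(uintptr_t) chunk2mem(p)` and `malloc_printerr("mremap_chunk(): invalid pointer")` should read `chunk2mem (p)` and `malloc_printerr ("...")`, matching `chunk_is_mmapped (p)` and `ALIGN_UP (...)` a few lines away. In the same condition the `!= 0` sits outside the `__glibc_unlikely (...)` call, so the hint wraps only the masked value; `__glibc_unlikely (((block | total_size) & (pagesize - 1)) != 0)` says what is meant and is easier to read next to the second `__glibc_unlikely (!powerof2 (...))` operand. The replacement of the removed assert is a real improvement in that the start address `block` is now validated before it is handed to `__mremap`, not just `size + offset`; it would be worth stating that in the ChangeLog entry, since "(mremap_chunk): Additional checks." does not tell a reader what was added.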