From: Jakub Jelinek
To: Ulrich Drepper, Roland McGrath, Wolfram Gloger
Cc: Glibc hackers
Subject: [PATCH] Make sure MALLOC_ALIGNMENT is at least long double's alignment
Date: Tue, 28 Feb 2006 15:21:00 -0000
Message-ID: <20060228152100.GH30252@sunsite.mff.cuni.cz>

Hi!

The recent switch to 128-bit long double on ppc32 broke malloc, as on this
32-bit arch long double is 16 byte aligned, but malloc was only guaranteeing
8 byte alignment so far. On sparc32 and s390 this is not a problem, since
__alignof__ (long double) is 8.

But, apparently some of the quick checks for invalid pointers don't work when
MALLOC_ALIGNMENT is bigger than 2 * SIZE_SZ, in that case the pointer returned
to the user must be MALLOC_ALIGNMENT aligned, not the chunk pointer (which is
always user pointer - 2 * SIZE_SZ).

With this, ppc32 glibc passes make check. I haven't checked though if this
pessimizes code on i?86/x86_64 or other important arches, will do soon.
If it does, then we might consider doing:

#define check_align_OK(chunkptr, userptr) \
  (MALLOC_ALIGNMENT > 2 * SIZE_SZ \
   ? __builtin_expect ((uintptr_t) userptr & MALLOC_ALIGN_MASK, 0) \
   : __builtin_expect ((uintptr_t) chunkptr & MALLOC_ALIGN_MASK, 0))

and using check_align_OK (oldp, oldmem) etc.

2006-02-28  Jakub Jelinek

	* malloc/malloc.c (MALLOC_ALIGNMENT): Set to __alignof__ (long double)
	if long double is more aligned than 2 * SIZE_SZ.
	(public_rEALLOc, _int_free, _int_realloc): Check that *mem is aligned,
	rather than corresponding mem2chunk pointer.

--- libc/malloc/malloc.c 2005-12-30 09:04:02.000000000 +0100
+++ libc/malloc/malloc.c 2006-02-28 15:30:20.000000000 +0100
@@ -188,7 +188,8 @@ Changing default word sizes: INTERNAL_SIZE_T size_t - MALLOC_ALIGNMENT 2 * sizeof(INTERNAL_SIZE_T) + MALLOC_ALIGNMENT MAX (2 * sizeof(INTERNAL_SIZE_T), + __alignof__ (long double)) Configuration and functionality options: @@ -380,7 +381,8 @@ extern "C" { #ifndef MALLOC_ALIGNMENT -#define MALLOC_ALIGNMENT (2 * SIZE_SZ) +#define MALLOC_ALIGNMENT (2 * SIZE_SZ < __alignof__ (long double) \ + ? __alignof__ (long double) : 2 * SIZE_SZ) #endif /* The corresponding bit mask value */ @@ -3468,7 +3470,7 @@ public_rEALLOc(Void_t* oldmem, size_t by Therefore we can exclude some size values which might appear here by accident or by "design" from some intruder. */ if (__builtin_expect ((uintptr_t) oldp > (uintptr_t) -oldsize, 0) - || __builtin_expect ((uintptr_t) oldp & MALLOC_ALIGN_MASK, 0)) + || __builtin_expect ((uintptr_t) oldmem & MALLOC_ALIGN_MASK, 0)) { malloc_printerr (check_action, "realloc(): invalid pointer", oldmem); return NULL; @@ -4282,7 +4284,7 @@ _int_free(mstate av, Void_t* mem) Therefore we can exclude some size values which might appear here by accident or by "design" from some intruder. */ if (__builtin_expect ((uintptr_t) p > (uintptr_t) -size, 0) - || __builtin_expect ((uintptr_t) p & MALLOC_ALIGN_MASK, 0)) + || __builtin_expect ((uintptr_t) mem & MALLOC_ALIGN_MASK, 0)) { errstr = "free(): invalid pointer"; errout: @@ -4628,7 +4630,7 @@ _int_realloc(mstate av, Void_t* oldmem, oldsize = chunksize(oldp); /* Simple tests for old block integrity. */ - if (__builtin_expect ((uintptr_t) oldp & MALLOC_ALIGN_MASK, 0)) + if (__builtin_expect ((uintptr_t) oldmem & MALLOC_ALIGN_MASK, 0)) { errstr = "realloc(): invalid pointer"; errout: Jakub
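Review bot: The updated MALLOC_ALIGNMENT row in the "Changing default word sizes" table (first hunk) documents the new default as MAX (2 * sizeof(INTERNAL_SIZE_T), __alignof__ (long double)) but leaves the consequence unsaid: once the maximum is the long double alignment, a chunk pointer, which sits 2 * sizeof(INTERNAL_SIZE_T) bytes before the user pointer, is aligned only to 2 * sizeof(INTERNAL_SIZE_T) and no longer to MALLOC_ALIGNMENT. One sentence to that effect next to the table would explain to the next reader why the remaining hunks move the alignment tests from chunk pointers to user pointers.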
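Review bot: With the new default under `#ifndef MALLOC_ALIGNMENT` (second hunk), any `& MALLOC_ALIGN_MASK` test applied to a chunk pointer rather than a user pointer becomes a false positive on every target where __alignof__ (long double) exceeds 2 * SIZE_SZ, and the ChangeLog names only three such sites (public_rEALLOc, _int_free, _int_realloc). Please confirm by grepping malloc.c that no other chunk-pointer alignment test remains, since a missed one would turn valid frees or reallocs into "invalid pointer" aborts on ppc32 exactly as the old tests did. A minor style point: the comment in the first hunk spells the value as MAX (...) while the define uses a conditional expression; the two could be written the same way.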
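Review bot: On the `oldmem & MALLOC_ALIGN_MASK` line in public_rEALLOc (third hunk), the switch from `oldp` to `oldmem` is behaviour-preserving wherever MALLOC_ALIGNMENT == 2 * SIZE_SZ: `oldp` is `oldmem - 2 * SIZE_SZ`, and subtracting a multiple of the alignment leaves the low bits untouched, so the old and new tests accept and reject exactly the same pointers there. Since `oldmem` is the function's own argument and needs no mem2chunk arithmetic, the concern in the cover mail about pessimizing i?86/x86_64 should not materialize and the proposed check_align_OK macro looks unnecessary; stating this equivalence in the commit message would save others the same worry. The first half of the condition, `oldp > (uintptr_t) -oldsize`, correctly stays on the chunk pointer, as it is a wraparound test rather than an alignment test.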
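Review bot: The `mem & MALLOC_ALIGN_MASK` change in _int_free (fourth hunk) mirrors the realloc one and `mem` is already the parameter, so no extra computation is introduced. Because the previous test would have sent every valid free() on ppc32 down the `errstr = "free(): invalid pointer"` path, a regression test that allocates and frees objects through malloc and realloc on a target whose long double alignment exceeds 2 * SIZE_SZ would be worth adding alongside this fix so that a future reintroduction of a chunk-pointer test is caught by make check rather than by users.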
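Review bot: The "Simple tests for old block integrity" line in _int_realloc (fifth hunk) now tests `oldmem` with the same MALLOC_ALIGN_MASK expression that public_rEALLOc applies to the same pointer in the third hunk, presumably before calling into _int_realloc, so the test is repeated on an identical value. That is harmless and cheap, but if public_rEALLOc is the only caller, a comment saying the check is kept deliberately as defence in depth (or dropping it) would make the intent clear; either way, both sites now agree on testing the user pointer, which is the fix's actual goal.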
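The alignment arithmetic behind the patch, as an added C model that is not glibc's code: it reproduces only the ptmalloc relation user pointer = chunk pointer + 2 * SIZE_SZ and the two forms of the MALLOC_ALIGN_MASK test, with SIZE_SZ and MALLOC_ALIGNMENT passed as parameters (assumed values 4/16 for ppc32 after the long double switch and 4/8 for an i386-style target), so the pre- and post-patch checks can be compared on any host.

```c
#include <stdint.h>
#include <stdio.h>
/* Added model, not glibc code: only the ptmalloc relation user pointer ==
   chunk pointer + 2 * SIZE_SZ and the two forms of the MALLOC_ALIGN_MASK test. */

/* mem2chunk: the chunk header is two INTERNAL_SIZE_T fields of SIZE_SZ bytes. */
static uintptr_t mem2chunk(uintptr_t mem, unsigned size_sz)
{
    return mem - 2 * size_sz;
}

/* Pre-patch quick check on the chunk pointer; 1 means "invalid pointer". */
int old_check_rejects(uintptr_t mem, unsigned size_sz, unsigned alignment)
{
    uintptr_t malloc_align_mask = alignment - 1;
    return (mem2chunk(mem, size_sz) & malloc_align_mask) != 0;
}

/* Post-patch quick check on the user pointer itself. */
int new_check_rejects(uintptr_t mem, unsigned size_sz, unsigned alignment)
{
    (void)size_sz;  /* no header adjustment for the user pointer */
    uintptr_t malloc_align_mask = alignment - 1;
    return (mem & malloc_align_mask) != 0;
}

/* How many of the first n properly aligned user pointers, i.e. pointers
   malloc may legitimately hand out, does a check report as invalid? */
int count_false_positives(int (*check)(uintptr_t, unsigned, unsigned),
                          unsigned size_sz, unsigned alignment, int n)
{
    int rejected = 0;
    for (int i = 1; i <= n; i++)
        rejected += check((uintptr_t)i * alignment, size_sz, alignment);
    return rejected;
}

int main(void)
{
    /* Assumed parameters: ppc32 with 128-bit long double is SIZE_SZ 4 and
       MALLOC_ALIGNMENT 16; an i386-style target is SIZE_SZ 4, alignment 8. */
    printf("ppc32: old check rejects %d/100 valid pointers, new check %d/100\n",
           count_false_positives(old_check_rejects, 4, 16, 100),
           count_false_positives(new_check_rejects, 4, 16, 100));
    printf("i386:  old check rejects %d/100 valid pointers, new check %d/100\n",
           count_false_positives(old_check_rejects, 4, 8, 100),
           count_false_positives(new_check_rejects, 4, 8, 100));
    return 0;
}
```

On the ppc32 parameters the old test rejects every pointer malloc can return and would accept a user pointer that is only 8-byte aligned, which is why the chunk-pointer form had to go.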