public inbox for libc-hacker@sourceware.org
* [PATCH] Fix malloc with really large sizes [BZ #2775]
@ 2006-09-07 15:50 Jakub Jelinek
  0 siblings, 0 replies; only message in thread
From: Jakub Jelinek @ 2006-09-07 15:50 UTC (permalink / raw)
  To: Ulrich Drepper; +Cc: Glibc hackers

Hi!

As the BZ#2775 testcase shows (not sure if it is appropriate for make check,
as it uses many threads to force the initial thread to allocate on a different
arena than main_arena), we sometimes call grow_heap to grow a heap, but
the size is so large that the diff is negative (and in that case
grow_heap acts as shrink_heap and, unlike the growing path, assumes the diff
is already a multiple of the page size).

The grow_heap change is just trying to be really safe: if e.g. the old heap size
is 1MB and the diff is e.g. 0x7ff01000 on a 32-bit 4KB-pagesize arch, then we
could easily create a heap bigger than HEAP_MAX_SIZE.

2006-09-07  Jakub Jelinek  <jakub@redhat.com>

	[BZ #2775]
	* malloc/malloc.c (sYSMALLOc): Only call grow_heap if
	(long) (MINSIZE + nb - old_size) is positive.

	* malloc/arena.c (grow_heap): When growing bail even if new_size
	is negative.

--- libc/malloc/arena.c.jj	2006-09-07 16:46:50.000000000 +0200
+++ libc/malloc/arena.c	2006-09-07 17:35:38.000000000 +0200
@@ -712,7 +712,7 @@ grow_heap(h, diff) heap_info *h; long di
   if(diff >= 0) {
     diff = (diff + page_mask) & ~page_mask;
     new_size = (long)h->size + diff;
-    if(new_size > HEAP_MAX_SIZE)
+    if((unsigned long) new_size > (unsigned long) HEAP_MAX_SIZE)
       return -1;
     if(mprotect((char *)h + h->size, diff, PROT_READ|PROT_WRITE) != 0)
       return -2;
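Review bot: the unsigned comparison on the new `if((unsigned long) new_size > (unsigned long) HEAP_MAX_SIZE)` line only catches the wrap after it has happened; the page rounding two lines above, `diff = (diff + page_mask) & ~page_mask;`, runs first and can itself wrap for a diff within page_mask of LONG_MAX, so consider testing `diff > HEAP_MAX_SIZE - h->size` before the rounding instead (or in addition), and add a comment saying that a negative new_size here means the addition wrapped, since that is not obvious from the cast alone.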
--- libc/malloc/malloc.c.jj	2006-09-04 16:42:01.000000000 +0200
+++ libc/malloc/malloc.c	2006-09-07 17:39:59.000000000 +0200
@@ -2970,7 +2970,8 @@ static Void_t* sYSMALLOc(nb, av) INTERNA
     /* First try to extend the current heap. */
     old_heap = heap_for_ptr(old_top);
     old_heap_size = old_heap->size;
-    if (grow_heap(old_heap, MINSIZE + nb - old_size) == 0) {
+    if ((long) (MINSIZE + nb - old_size) > 0
+	&& grow_heap(old_heap, MINSIZE + nb - old_size) == 0) {
       av->system_mem += old_heap->size - old_heap_size;
       arena_mem += old_heap->size - old_heap_size;
 #if 0
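Review bot: the new `(long) (MINSIZE + nb - old_size) > 0` guard is strict, while grow_heap's own test (`if(diff >= 0)` in the arena.c hunk) accepted a diff of exactly 0, so the diff == 0 case now falls through to whatever follows instead of calling grow_heap; confirm that case cannot be reached here or that falling through is intended, and add a one-line comment that a non-positive value means nb wrapped the subtraction and must not be handed to grow_heap, where it would take the shrink path with a size that is not page-aligned, as the mail describes.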

	Jakub
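An added C model of the two checks the patch touches (written for this page, not from Jakub's mail or from glibc), using int32_t/uint32_t so the 32-bit `long` wraparound reproduces on any host; HEAP_MAX_SIZE = 1MB and MINSIZE = 16 are assumptions, as the mail does not state them. It shows the mail's 1MB heap plus a 0x7ff01000 diff slipping past the signed comparison but not the unsigned one, and the sign test in sYSMALLOc skipping grow_heap when the computed diff wraps negative.

```c
#include <stdint.h>
#include <stdio.h>
/* Assumed constants: the mail does not state them.  1MB is used for
 * HEAP_MAX_SIZE, 16 bytes for MINSIZE, 4KB pages as in the mail. */
#define HEAP_MAX_SIZE  (1024 * 1024)
#define MINSIZE        16
#define PAGE_MASK      (4096 - 1)

/* Round diff up to a page and add it to the heap size in 32-bit
 * arithmetic, wrapping exactly as a 32-bit long would. */
static int32_t wrapped_new_size(int32_t heap_size, int32_t diff)
{
    uint32_t d = ((uint32_t) diff + PAGE_MASK) & ~(uint32_t) PAGE_MASK;
    return (int32_t) ((uint32_t) heap_size + d);
}

/* 1 if the pre-patch grow_heap check lets the growth through. */
int old_grow_check_passes(int32_t heap_size, int32_t diff)
{
    if (diff < 0)
        return 0;   /* shrink path, not modelled here */
    int32_t new_size = wrapped_new_size(heap_size, diff);
    return !(new_size > HEAP_MAX_SIZE);          /* signed compare */
}

/* 1 if the patched (unsigned) grow_heap check lets the growth through. */
int new_grow_check_passes(int32_t heap_size, int32_t diff)
{
    if (diff < 0)
        return 0;
    int32_t new_size = wrapped_new_size(heap_size, diff);
    return !((uint32_t) new_size > (uint32_t) HEAP_MAX_SIZE);
}

/* 1 if the patched sYSMALLOc would still call grow_heap: the signed
 * view of MINSIZE + nb - old_size must be positive. */
int patched_calls_grow_heap(uint32_t nb, uint32_t old_size)
{
    return (int32_t) (MINSIZE + nb - old_size) > 0;
}

int main(void)
{
    /* The mail's scenario: 1MB heap, diff 0x7ff01000; then a huge nb. */
    printf("old check passes: %d\n", old_grow_check_passes(0x100000, 0x7ff01000));
    printf("new check passes: %d\n", new_grow_check_passes(0x100000, 0x7ff01000));
    printf("grow_heap called: %d\n", patched_calls_grow_heap(0xfffff000u, 0x800));
    return 0;
}
```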
