From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 111247 invoked by alias); 17 Jan 2020 14:13:23 -0000 Mailing-List: contact libc-stable-help@sourceware.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Subscribe: List-Archive: Sender: libc-stable-owner@sourceware.org Received: (qmail 111236 invoked by uid 89); 17 Jan 2020 14:13:22 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.100.3 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-18.7 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,KAM_SHORT,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 spammy= X-Spam-Status: No, score=-18.7 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,KAM_SHORT,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on sourceware.org X-Spam-Level: X-HELO: us-smtp-delivery-1.mimecast.com Received: from us-smtp-1.mimecast.com (HELO us-smtp-delivery-1.mimecast.com) (207.211.31.81) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 17 Jan 2020 14:13:12 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1579270390; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=sTI1JAF73IFOX17RHRz+QxmaeF/b77p/Z8IAs3fe6so=; b=DrJt7ptCetM+5Bxd3n0NkKzu+Zte7Kjp2072fSwyQKGdvoqbjdiLotqaKqNI9YReY8vEQ1 TBXbUvw5f7nYg7aShmKuC5iNgUx+W9pMo/0kWtCebwl2e4dtrCEhl5H7emebGXvjNoBEVH LJ2N9qteNSl6dAdW4RsdKU3iZP2chAI= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-321-oHybJSrtMBKJEFzeRJHUNA-1; Fri, 17 Jan 2020 09:13:09 -0500 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 87F5E477 for ; Fri, 17 Jan 2020 14:13:08 +0000 (UTC) Received: from oldenburg2.str.redhat.com (ovpn-117-165.ams2.redhat.com [10.36.117.165]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4FB1084D80 for ; Fri, 17 Jan 2020 14:13:08 +0000 (UTC) Received: by oldenburg2.str.redhat.com (Postfix, from userid 1000) id 673658299EEC; Fri, 17 Jan 2020 15:13:06 +0100 (CET) Date: Wed, 01 Jan 2020 00:00:00 -0000 To: libc-stable@sourceware.org Subject: [2.30 COMMITTED] Remove incorrect alloc_size attribute from pvalloc [BZ #25401] User-Agent: Heirloom mailx 12.5 7/5/10 MIME-Version: 1.0 Message-Id: <20200117141306.673658299EEC@oldenburg2.str.redhat.com> From: Florian Weimer X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-MC-Unique: oHybJSrtMBKJEFzeRJHUNA-1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2020-01/txt/msg00013.txt.bz2 pvalloc is guarantueed to round up the allocation size to the page size, so applications can assume that the memory region is larger than the passed-in argument. The alloc_size attribute cannot express that. The test case is based on a suggestion from Jakub Jelinek. This fixes commit 9bf8e29ca136094f73f69f725f15c51facc97206 ("malloc: make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)"). Reviewed-by: Adhemerval Zanella (cherry picked from commit 768c83b7f60d82db6677e19dc51be9f341e0f3fc) diff --git a/NEWS b/NEWS index 1352a339ab..2c707f35ff 100644 --- a/NEWS +++ b/NEWS @@ -33,6 +33,7 @@ The following bugs are resolved with this release: [25204] Ignore LD_PREFER_MAP_32BIT_EXEC for SUID programs [25225] ld.so fails to link on x86 if GCC defaults to -fcf-protection [25232] No const correctness for strchr et al. for Clang++ + [25401] Remove incorrect alloc_size attribute from pvalloc Version 2.30 diff --git a/malloc/Makefile b/malloc/Makefile index 742c515eb2..9698574bba 100644 --- a/malloc/Makefile +++ b/malloc/Makefile @@ -27,7 +27,7 @@ headers := $(dist-headers) obstack.h mcheck.h tests := mallocbug tst-malloc tst-valloc tst-calloc tst-obstack \ tst-mcheck tst-mallocfork tst-trim1 \ tst-malloc-usable tst-realloc tst-reallocarray tst-posix_memalign \ - tst-pvalloc tst-memalign tst-mallopt \ + tst-pvalloc tst-pvalloc-fortify tst-memalign tst-mallopt \ tst-malloc-backtrace tst-malloc-thread-exit \ tst-malloc-thread-fail tst-malloc-fork-deadlock \ tst-mallocfork2 \ diff --git a/malloc/malloc.h b/malloc/malloc.h index 70d8282bdc..f62c6c594c 100644 --- a/malloc/malloc.h +++ b/malloc/malloc.h @@ -71,8 +71,7 @@ extern void *valloc (size_t __size) __THROW __attribute_malloc__ /* Equivalent to valloc(minimum-page-that-holds(n)), that is, round up __size to nearest pagesize. */ -extern void *pvalloc (size_t __size) __THROW __attribute_malloc__ - __attribute_alloc_size__ ((1)) __wur; +extern void *pvalloc (size_t __size) __THROW __attribute_malloc__ __wur; /* Underlying allocation function; successive calls should return contiguous pieces of memory. */ diff --git a/malloc/tst-pvalloc-fortify.c b/malloc/tst-pvalloc-fortify.c new file mode 100644 index 0000000000..391b7fa2f5 --- /dev/null +++ b/malloc/tst-pvalloc-fortify.c @@ -0,0 +1,48 @@ +/* Test fortify-source allocation size handling in pvalloc (bug 25401). + Copyright (C) 2020 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; see the file COPYING.LIB. If + not, see . */ + +#undef _FORTIFY_SOURCE +#define _FORTIFY_SOURCE 2 +#include +#include +#include +#include +#include + +static int +do_test (void) +{ + /* The test below assumes that pvalloc rounds up the allocation size + to at least 8. */ + TEST_VERIFY (xsysconf (_SC_PAGESIZE) >= 8); + + void *p = pvalloc (5); + TEST_VERIFY_EXIT (p != NULL); + + /* This is valid assuming the page size is at least 8 because + pvalloc rounds up the allocation size to a multiple of the page + size. Due to bug 25041, this used to trigger a compiler + warning. */ + strcpy (p, "abcdefg"); + + asm ("" : : "g" (p) : "memory"); /* Optimization barrier. */ + TEST_VERIFY (malloc_usable_size (p) >= xsysconf (_SC_PAGESIZE)); + return 0; +} + +#include