From: Keef Aragon
Date: Tue, 16 Aug 2022 12:14:31 -0700
Subject: [PATCH] bug in emergency cxa pool free()
To: libstdc++@gcc.gnu.org, gcc-patches@gcc.gnu.org

This probably has never actually affected anyone in practice. The normal ABI implementation just uses malloc and only falls back to the pool on malloc failure. But if that happens a bunch of times the freelist gets out of order, which violates some of the invariants of the freelist (as well as the comments that follow the bug). The bug is just a comparison reversal when traversing the freelist in the case where the pointer being returned to the pool is after the existing freelist.

I'm not sure what to do as far as the test suite is concerned. It's a private part of the implementation of the exception handling ABI and it can only ever be triggered if malloc fails (repeatedly). So it seems like reproducing it from the external interface will require hooking malloc to forcibly return NULL.
But I'm a newb on these lists, so will obediently do as instructed.

Attachment: eh_alloc.patch

diff --git a/libstdc++-v3/ChangeLog-2022 b/libstdc++-v3/ChangeLog-2022
new file mode 100644
index 00000000000..8057de58539
--- /dev/null
+++ b/libstdc++-v3/ChangeLog-2022
@@ -0,0 +1,4 @@
+2022-08-16  Keef Aragon  <keef.aragon@konscious.net>
+
+        * libstdc++-v3/libsupc++/eh_alloc.cc: inverse comparison in pool::free
+
diff --git a/libstdc++-v3/libsupc++/eh_alloc.cc b/libstdc++-v3/libsupc++/eh_alloc.cc
index c85b9aed40b..cad2750e3b9 100644
--- a/libstdc++-v3/libsupc++/eh_alloc.cc
+++ b/libstdc++-v3/libsupc++/eh_alloc.cc
@@ -225,7 +225,7 @@ namespace
 	  for (fe = &first_free_entry;
 	       (*fe)->next
 	       && (reinterpret_cast <char *> ((*fe)->next)
-		   > reinterpret_cast <char *> (e) + sz);
+		   < reinterpret_cast <char *> (e) + sz);
 	       fe = &(*fe)->next)
 	    ;
 	  // If we can merge the next block into us do so and continue
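Review bot: the ChangeLog hunk creates a new file libstdc++-v3/ChangeLog-2022 (`new file mode 100644`, `--- /dev/null`) instead of adding to the existing libstdc++-v3/ChangeLog; GCC's ChangeLog files are generated from commit messages nowadays, so this text belongs in the commit message and the file should be dropped from the patch. The entry itself should follow the usual form, naming the function and giving the path relative to libstdc++-v3, e.g. `* libsupc++/eh_alloc.cc (pool::free): Fix reversed comparison in the freelist search.`, with a tab rather than eight spaces before the `*`.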
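Review bot: changing `>` to `<` in the loop condition is the right fix: the search has to stop at the last free entry below `e`, and with `>` it advanced past that point whenever `(*fe)->next` lay above `e + sz`, which is exactly the case where `e` belongs between `*fe` and `(*fe)->next`; the entry was then linked in behind a higher address and the list fell out of address order, as the mail describes. Two comments would make the loop easier to audit: its postcondition (`*fe` is below `e`, and `(*fe)->next` is null or at or after `e + sz`, so the merge check on the next line is sound), and that `< e + sz` only equals `< e` because free entries never overlap, which is the invariant the comparison leans on. On the testing question: since `pool` lives in the anonymous namespace in eh_alloc.cc, an external test has to go through `__cxa_allocate_exception`/`__cxa_free_exception` with malloc made to fail, and it must free the resulting exceptions in non-address order (e.g. the middle one last) or the search loop never runs and the bug stays invisible.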
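An added example, not GCC's code or the patch from this mail: a small C model of the address-ordered freelist that pool::free walks, exercising the search loop with both the original `>` and the patched `<` comparison and checking the sorted-by-address invariant the mail says the bug violates. The arena, block offsets and sizes are constructed, and merging of adjacent blocks is omitted.

```c
/* Added example, not GCC's code or the submitted patch: a minimal model of the
 * address-ordered freelist that pool::free walks, run with both directions of
 * the comparison so the sorted-by-address invariant can be checked. Names follow
 * the patch (free_entry, first_free_entry, fe, e, sz); the arena and block
 * offsets are constructed, and merging of adjacent blocks is left out. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
struct free_entry { size_t size; struct free_entry *next; };
static char arena[4096];          /* constructed stand-in for the pool */
static struct free_entry *first_free_entry;
static struct free_entry *block_at(size_t off)
{ return (struct free_entry *)(arena + off); }

/* The search in pool::free's last branch: find the free entry after which e
 * belongs. reversed == true is the loop before the patch ('>'), false after. */
static void pool_free(struct free_entry *e, size_t sz, bool reversed)
{
  struct free_entry **fe;
  for (fe = &first_free_entry;
       (*fe)->next
       && (reversed ? (char *)(*fe)->next > (char *)e + sz
                    : (char *)(*fe)->next < (char *)e + sz);
       fe = &(*fe)->next)
    ;
  /* Link e in after *fe; sorted only if the loop stopped at the last entry below e. */
  e->size = sz;
  e->next = (*fe)->next;
  (*fe)->next = e;
}

/* Invariant: each free entry lies at a lower address than its successor. */
static bool freelist_sorted(void)
{
  for (struct free_entry *f = first_free_entry; f && f->next; f = f->next)
    if ((char *)f >= (char *)f->next) return false;
  return true;
}

/* Scenario: free entries at offsets 0 and 1024; a block at offset 512 is then
 * returned to the pool (after the head, so the search loop actually runs). */
static bool scenario(bool reversed)
{
  memset(arena, 0, sizeof arena);
  first_free_entry = block_at(0);
  first_free_entry->size = 256;
  first_free_entry->next = block_at(1024);
  block_at(1024)->size = 256;       /* its next is NULL from the memset */
  pool_free(block_at(512), 256, reversed);
  return freelist_sorted();         /* false with the old '>', true with '<' */
}
```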