diff options
author | Siddhesh Poyarekar <siddhesh@redhat.com> | 2012-09-05 21:49:00 +0530 |
---|---|---|
committer | Siddhesh Poyarekar <siddhesh@redhat.com> | 2012-09-05 21:49:30 +0530 |
commit | 6ef9cc37f0ea151a54e5c8a19950a6d5b6ff8a96 (patch) | |
tree | 7dfbbb3bbdde79ba6bc06a209102c988c53e6e1c | |
parent | 4d038ae3163aba04218b05f3983473b25c943b8b (diff) | |
download | glibc-6ef9cc37f0ea151a54e5c8a19950a6d5b6ff8a96.tar glibc-6ef9cc37f0ea151a54e5c8a19950a6d5b6ff8a96.tar.gz glibc-6ef9cc37f0ea151a54e5c8a19950a6d5b6ff8a96.tar.bz2 glibc-6ef9cc37f0ea151a54e5c8a19950a6d5b6ff8a96.zip |
Return requested size for malloc_usable_size when MALLOC_CHECK_ > 0
[BZ #1349]
malloc_usable_size returns the usable size in an allocated chunk,
which may be >= the requested size. In the case of MALLOC_CHECK_ being
exported to > 0 however, only the requested size is usable, since a
magic value is written at the end of the request size to trap writes
beyond request bounds. Hence, when MALLOC_CHECK_ is exported to > 0,
malloc_usable_size() should return the request size.
-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | NEWS | 8 | ||||
-rw-r--r-- | malloc/Makefile | 6 | ||||
-rw-r--r-- | malloc/hooks.c | 31 | ||||
-rw-r--r-- | malloc/malloc.c | 5 | ||||
-rw-r--r-- | malloc/tst-malloc-usable.c | 49 |
6 files changed, 100 insertions, 9 deletions
@@ -1,3 +1,13 @@ +2012-09-05 Siddhesh Poyarekar <siddhesh@redhat.com> + + [BZ #1349] + * malloc/Makefile (tests): Add tst-malloc-usable test case. + (tst-malloc-usable-ENV): Set environment for test case. + * malloc/hooks.c (malloc_check_get_size): New function to get + requested size. + * malloc/malloc.c (musable): Use malloc_check_get_size. + * malloc/tst-malloc-usable.c: New test case. + 2012-09-05 Andreas Schwab <schwab@linux-m68k.org> * stdlib/tst-strtod-overflow.c (TIMEOUT): Define. @@ -9,10 +9,10 @@ Version 2.17 * The following bugs are resolved with this release: - 3479, 5400, 6778, 6808, 9685, 9914, 11607, 13412, 13717, 13696, 13939, - 13966, 14042, 14090, 14166, 14150, 14151, 14154, 14157, 14166, 14173, - 14195, 14252, 14283, 14298, 14303, 14307, 14328, 14331, 14336, 14337, - 14347, 14349, 14459, 14476, 14505, 14516, 14519, 14532, 14538 + 1349, 3479, 5400, 6778, 6808, 9685, 9914, 11607, 13412, 13717, 13696, + 13939, 13966, 14042, 14090, 14166, 14150, 14151, 14154, 14157, 14166, + 14173, 14195, 14252, 14283, 14298, 14303, 14307, 14328, 14331, 14336, + 14337, 14347, 14349, 14459, 14476, 14505, 14516, 14519, 14532, 14538 * Support for STT_GNU_IFUNC symbols added for s390 and s390x. Optimized versions of memcpy, memset, and memcmp added for System z10 and diff --git a/malloc/Makefile b/malloc/Makefile index 5d6d716a78..55c675b2cd 100644 --- a/malloc/Makefile +++ b/malloc/Makefile @@ -1,5 +1,4 @@ -# Copyright (C) 1991-2003, 2005, 2006, 2007, 2009, 2011, 2012 -# Free Software Foundation, Inc. +# Copyright (C) 1991-2012 Free Software Foundation, Inc. # This file is part of the GNU C Library. # The GNU C Library is free software; you can redistribute it and/or @@ -26,7 +25,7 @@ all: dist-headers := malloc.h headers := $(dist-headers) obstack.h mcheck.h tests := mallocbug tst-malloc tst-valloc tst-calloc tst-obstack \ - tst-mallocstate tst-mcheck tst-mallocfork tst-trim1 + tst-mallocstate tst-mcheck tst-mallocfork tst-trim1 tst-malloc-usable test-srcs = tst-mtrace routines = malloc morecore mcheck mtrace obstack @@ -116,6 +115,7 @@ endif endif tst-mcheck-ENV = MALLOC_CHECK_=3 +tst-malloc-usable-ENV = MALLOC_CHECK_=3 CPPFLAGS-malloc.c += -DPER_THREAD # Uncomment this for test releases. For public releases it is too expensive. diff --git a/malloc/hooks.c b/malloc/hooks.c index 8a34c78488..b38dffbdf6 100644 --- a/malloc/hooks.c +++ b/malloc/hooks.c @@ -1,5 +1,5 @@ /* Malloc implementation for multiple threads without lock contention. - Copyright (C) 2001-2009, 2011, 2012 Free Software Foundation, Inc. + Copyright (C) 2001-2012 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Wolfram Gloger <wg@malloc.de>, 2001. @@ -89,6 +89,35 @@ __malloc_check_init() #define MAGICBYTE(p) ( ( ((size_t)p >> 3) ^ ((size_t)p >> 11)) & 0xFF ) +/* Visualize the chunk as being partitioned into blocks of 256 bytes from the + highest address of the chunk, downwards. The beginning of each block tells + us the size of the previous block, up to the actual size of the requested + memory. Our magic byte is right at the end of the requested size, so we + must reach it with this iteration, otherwise we have witnessed a memory + corruption. */ +static size_t +malloc_check_get_size(mchunkptr p) +{ + size_t size; + unsigned char c; + unsigned char magic = MAGICBYTE(p); + + assert(using_malloc_checking == 1); + + for (size = chunksize(p) - 1 + (chunk_is_mmapped(p) ? 0 : SIZE_SZ); + (c = ((unsigned char*)p)[size]) != magic; + size -= c) { + if(c<=0 || size<(c+2*SIZE_SZ)) { + malloc_printerr(check_action, "malloc_check_get_size: memory corruption", + chunk2mem(p)); + return 0; + } + } + + /* chunk2mem size. */ + return size - 2*SIZE_SZ; +} + /* Instrument a chunk with overrun detector byte(s) and convert it into a user pointer with requested size sz. */ diff --git a/malloc/malloc.c b/malloc/malloc.c index 0f1796c913..bd562df959 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -1,5 +1,5 @@ /* Malloc implementation for multiple threads without lock contention. - Copyright (C) 1996-2009, 2010, 2011, 2012 Free Software Foundation, Inc. + Copyright (C) 1996-2012 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Wolfram Gloger <wg@malloc.de> and Doug Lea <dl@cs.oswego.edu>, 2001. @@ -4563,6 +4563,9 @@ musable(void* mem) mchunkptr p; if (mem != 0) { p = mem2chunk(mem); + + if (__builtin_expect(using_malloc_checking == 1, 0)) + return malloc_check_get_size(p); if (chunk_is_mmapped(p)) return chunksize(p) - 2*SIZE_SZ; else if (inuse(p)) diff --git a/malloc/tst-malloc-usable.c b/malloc/tst-malloc-usable.c new file mode 100644 index 0000000000..18decd852c --- /dev/null +++ b/malloc/tst-malloc-usable.c @@ -0,0 +1,49 @@ +/* Ensure that malloc_usable_size returns the request size with + MALLOC_CHECK_ exported to a positive value. + + Copyright (C) 2012 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <http://www.gnu.org/licenses/>. */ + +#include <malloc.h> +#include <string.h> +#include <stdio.h> + +static int +do_test (void) +{ + size_t usable_size; + void *p = malloc (7); + if (!p) + { + printf ("memory allocation failed\n"); + return 1; + } + + usable_size = malloc_usable_size (p); + if (usable_size != 7) + { + printf ("malloc_usable_size: expected 7 but got %zu\n", usable_size); + return 1; + } + + memset (p, 0, usable_size); + free (p); + return 0; +} + +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" |