A very large alignment argument passed to memalign/posix_memalign
causes _int_memalign to enter an infinite loop. Limit the maximum
alignment value to the maximum representable power of two to
prevent this from happening.
Changelog:
2013-10-30 Will Newton <will.newton@linaro.org>
[BZ #16038]
* malloc/hooks.c (memalign_check): Limit alignment to the
maximum representable power of two.
* malloc/malloc.c (__libc_memalign): Likewise.
* malloc/tst-memalign.c (do_test): Add test for very
large alignment values.
* malloc/tst-posix_memalign.c (do_test): Likewise.
for ChangeLog
* malloc/arena.c (new_heap): New memory_heap_new probe.
(grow_heap): New memory_heap_more probe.
(shrink_heap): New memory_heap_less probe.
(heap_trim): New memory_heap_free probe.
* malloc/malloc.c (sysmalloc): New memory_sbrk_more probe.
(systrim): New memory_sbrk_less probe.
* manual/probes.texi: Document them.
A large bytes parameter to memalign could cause an integer overflow
and corrupt allocator internals. Check the overflow does not occur
before continuing with the allocation.
ChangeLog:
2013-09-11 Will Newton <will.newton@linaro.org>
[BZ #15857]
* malloc/malloc.c (__libc_memalign): Check the value of bytes
does not overflow.
A large bytes parameter to valloc could cause an integer overflow
and corrupt allocator internals. Check the overflow does not occur
before continuing with the allocation.
ChangeLog:
2013-09-11 Will Newton <will.newton@linaro.org>
[BZ #15856]
* malloc/malloc.c (__libc_valloc): Check the value of bytes
does not overflow.
A large bytes parameter to pvalloc could cause an integer overflow
and corrupt allocator internals. Check the overflow does not occur
before continuing with the allocation.
ChangeLog:
2013-09-11 Will Newton <will.newton@linaro.org>
[BZ #15855]
* malloc/malloc.c (__libc_pvalloc): Check the value of bytes
does not overflow.
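
The checks described in the alignment and bytes-overflow messages above, shown as an added example that is not glibc's code. The `ex_*` names, the `EX_OVERHEAD` constant and the doubling loop are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-chunk padding; stands in for the allocator's own overhead. */
#define EX_OVERHEAD (4 * sizeof(size_t))
/* Largest power of two representable in size_t. */
#define EX_MAX_POW2 (SIZE_MAX / 2 + 1)

/* Round up to a power of two by doubling. The caller must guarantee
   a <= EX_MAX_POW2: above that, p <<= 1 wraps to 0 and the loop never ends. */
static size_t ex_round_pow2(size_t a)
{
    size_t p = sizeof(void *);
    while (p < a)
        p <<= 1;
    return p;
}

/* "Before" form: the padded size is computed with no checks and can wrap. */
size_t ex_unchecked_total(size_t alignment, size_t bytes)
{
    return bytes + alignment + EX_OVERHEAD;
}

/* Hardened form: returns 0 and sets *total, or an errno value on rejection. */
int ex_check_request(size_t alignment, size_t bytes, size_t *total)
{
    if (alignment > EX_MAX_POW2)      /* would make the doubling loop spin */
        return EINVAL;
    alignment = ex_round_pow2(alignment);
    /* alignment <= EX_MAX_POW2 here, so the subtraction cannot underflow. */
    if (bytes > SIZE_MAX - alignment - EX_OVERHEAD)
        return ENOMEM;
    *total = bytes + alignment + EX_OVERHEAD;
    return 0;
}

int main(void)
{
    size_t t = 0;
    printf("huge alignment -> %d\n", ex_check_request(SIZE_MAX, 16, &t));
    printf("huge bytes     -> %d\n", ex_check_request(64, SIZE_MAX - 8, &t));
    printf("unchecked wrap -> %zu\n", ex_unchecked_total(64, SIZE_MAX - 8));
    printf("normal request -> %d, total %zu\n", ex_check_request(48, 100, &t), t);
    return 0;
}
```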
Introduce (only on Linux) and use a HAVE_MREMAP symbol to advertise mremap
availability.
Move the malloc-sysdep.h include from arena.c to malloc.c, since what is
provided by malloc-sysdep.h is needed earlier in malloc.c, before the inclusion
of arena.c.
[BZ #1349]
malloc_usable_size returns the usable size in an allocated chunk,
which may be >= the requested size. In the case of MALLOC_CHECK_ being
exported to > 0 however, only the requested size is usable, since a
magic value is written at the end of the request size to trap writes
beyond request bounds. Hence, when MALLOC_CHECK_ is exported to > 0,
malloc_usable_size() should return the request size.
* malloc.c/arena.c (reused_arena): New parameter, avoid_arena.
When avoid_arena is set, don't retry in that arena. Pick the
next one, whatever it might be.
(arena_get2): New parameter avoid_arena, pass through to reused_arena.
(arena_lock): Pass in new parameter to arena_get2.
* malloc/malloc.c (__libc_memalign): Pass in new parameter to
arena_get2.
(__libc_malloc): Unify retrying after main arena failure with
__libc_memalign version.
(__libc_valloc, __libc_pvalloc, __libc_calloc): Likewise.
With atomic fastbins the checks performed can race with concurrent
modifications of the arena. If we detect a problem re-do the test
after getting the lock.
The following patch fixes catomic_compare_and_exchange_*_rel definitions
(which were never used and weren't correct) and uses
catomic_compare_and_exchange_val_rel in _int_free. Comparing to the
pre-2009-07-02 --enable-experimental-malloc state the generated code should
be identical on all arches other than ppc/ppc64 and on ppc/ppc64 should use
lwsync instead of isync barrier.
2009-04-16 Ulrich Drepper <drepper@redhat.com>
[BZ #9957]
* malloc/malloc.c (force_reg): Define.
(sYSMALLOc): Load hook variable into variable
before test and force into register.
(sYSTRIm): Likewise.
(public_mALLOc): Force hook value into register.
(public_fREe): Likewise.
(public_rEALLOc): Likewise.
(public_mEMALIGn): Likewise.
(public_vALLOc): Likewise.
(public_pVALLOc): Likewise.
(public_cALLOc): Likewise.
(__posix_memalign): Likewise.
* malloc/arena.c (ptmalloc_init): Load hook variable into variable
before test and force into register.
* malloc/hooks.c (top_check): Likewise.
(public_s_ET_STATe): Pretty printing.
* resolv/res_send.c (send_dg): Don't just ignore the result we got
in case we only receive one reply in single-request mode.
Change all callers.
(_int_realloc): Likewise.
All _int_* functions are now static.
* malloc/hooks.c: Change all callers to _int_free and _int_realloc.
* malloc/arena.c: Likewise.
* include/malloc.h: Remove now unnecessary declarations of the _int_*
functions.
mTRIm for all of them.
(mTRIm): Additionally iterate over all free blocks and use madvise
to free memory for all those blocks which contain at least one
memory page.
* malloc/malloc.c (do_check_malloc_state): Minimal cleanups.
(public_sET_STATe): If ms->version < 3, put all chunks into
unsorted chunks and clear {fd,bk}_nextsize fields of largebin
chunks.
* malloc/malloc.c [MALLOC_DEBUG]: Revert 2007-05-13 changes.
* malloc/hooks.c: Likewise.
* malloc/arena.c: Likewise.
* malloc/malloc.c (do_check_malloc_state): Don't assert
n_mmaps is not greater than n_mmaps_max. This removes the need
for the previous change.
* malloc/Makefile (CFLAGS-malloc.c): Revert accidental
2007-05-07 commit.