1996-12-08 08:01:13 +00:00
|
|
|
/* Prototypes and definition for malloc implementation.
|
2020-01-01 00:14:33 +00:00
|
|
|
Copyright (C) 1996-2020 Free Software Foundation, Inc.
|
1996-12-08 08:01:13 +00:00
|
|
|
This file is part of the GNU C Library.
|
|
|
|
|
|
|
|
The GNU C Library is free software; you can redistribute it and/or
|
2001-07-06 04:58:11 +00:00
|
|
|
modify it under the terms of the GNU Lesser General Public
|
|
|
|
License as published by the Free Software Foundation; either
|
|
|
|
version 2.1 of the License, or (at your option) any later version.
|
1996-12-08 08:01:13 +00:00
|
|
|
|
|
|
|
The GNU C Library is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
2001-07-06 04:58:11 +00:00
|
|
|
Lesser General Public License for more details.
|
1996-12-08 08:01:13 +00:00
|
|
|
|
2001-07-06 04:58:11 +00:00
|
|
|
You should have received a copy of the GNU Lesser General Public
|
2012-02-09 23:18:22 +00:00
|
|
|
License along with the GNU C Library; if not, see
|
Prefer https to http for gnu.org and fsf.org URLs
Also, change sources.redhat.com to sourceware.org.
This patch was automatically generated by running the following shell
script, which uses GNU sed, and which avoids modifying files imported
from upstream:
sed -ri '
s,(http|ftp)(://(.*\.)?(gnu|fsf|sourceware)\.org($|[^.]|\.[^a-z])),https\2,g
s,(http|ftp)(://(.*\.)?)sources\.redhat\.com($|[^.]|\.[^a-z]),https\2sourceware.org\4,g
' \
$(find $(git ls-files) -prune -type f \
! -name '*.po' \
! -name 'ChangeLog*' \
! -path COPYING ! -path COPYING.LIB \
! -path manual/fdl-1.3.texi ! -path manual/lgpl-2.1.texi \
! -path manual/texinfo.tex ! -path scripts/config.guess \
! -path scripts/config.sub ! -path scripts/install-sh \
! -path scripts/mkinstalldirs ! -path scripts/move-if-change \
! -path INSTALL ! -path locale/programs/charmap-kw.h \
! -path po/libc.pot ! -path sysdeps/gnu/errlist.c \
! '(' -name configure \
-execdir test -f configure.ac -o -f configure.in ';' ')' \
! '(' -name preconfigure \
-execdir test -f preconfigure.ac ';' ')' \
-print)
and then by running 'make dist-prepare' to regenerate files built
from the altered files, and then executing the following to cleanup:
chmod a+x sysdeps/unix/sysv/linux/riscv/configure
# Omit irrelevant whitespace and comment-only changes,
# perhaps from a slightly-different Autoconf version.
git checkout -f \
sysdeps/csky/configure \
sysdeps/hppa/configure \
sysdeps/riscv/configure \
sysdeps/unix/sysv/linux/csky/configure
# Omit changes that caused a pre-commit check to fail like this:
# remote: *** error: sysdeps/powerpc/powerpc64/ppc-mcount.S: trailing lines
git checkout -f \
sysdeps/powerpc/powerpc64/ppc-mcount.S \
sysdeps/unix/sysv/linux/s390/s390-64/syscall.S
# Omit change that caused a pre-commit check to fail like this:
# remote: *** error: sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S: last line does not end in newline
git checkout -f sysdeps/sparc/sparc64/multiarch/memcpy-ultra3.S
2019-09-07 05:40:42 +00:00
|
|
|
<https://www.gnu.org/licenses/>. */
|
1996-12-08 08:01:13 +00:00
|
|
|
|
|
|
|
#ifndef _MALLOC_H
|
1996-12-10 03:08:06 +00:00
|
|
|
#define _MALLOC_H 1
|
1996-12-08 08:01:13 +00:00
|
|
|
|
1999-06-19 09:58:37 +00:00
|
|
|
#include <features.h>
|
2005-01-12 01:56:21 +00:00
|
|
|
#include <stddef.h>
|
2009-04-09 05:45:42 +00:00
|
|
|
#include <stdio.h>
|
1996-12-08 08:01:13 +00:00
|
|
|
|
2013-01-07 15:00:47 +00:00
|
|
|
#ifdef _LIBC
|
2011-05-30 00:40:08 +00:00
|
|
|
# define __MALLOC_HOOK_VOLATILE
|
2013-01-07 15:00:47 +00:00
|
|
|
# define __MALLOC_DEPRECATED
|
|
|
|
#else
|
|
|
|
# define __MALLOC_HOOK_VOLATILE volatile
|
2011-05-30 01:10:23 +00:00
|
|
|
# define __MALLOC_DEPRECATED __attribute_deprecated__
|
2013-01-07 15:00:47 +00:00
|
|
|
#endif
|
1996-12-08 08:01:13 +00:00
|
|
|
|
|
|
|
|
2005-01-12 01:56:21 +00:00
|
|
|
__BEGIN_DECLS
|
1996-12-08 08:01:13 +00:00
|
|
|
|
|
|
|
/* Allocate SIZE bytes of memory. */
|
malloc: make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)
As discussed previously on libc-alpha [1], this patch follows up the idea
and add both the __attribute_alloc_size__ on malloc functions (malloc,
calloc, realloc, reallocarray, valloc, pvalloc, and memalign) and limit
maximum requested allocation size to up PTRDIFF_MAX (taking into
consideration internal padding and alignment).
This aligns glibc with gcc expected size defined by default warning
-Walloc-size-larger-than value which warns for allocation larger than
PTRDIFF_MAX. It also aligns with gcc expectation regarding libc and
expected size, such as described in PR#67999 [2] and previously discussed
ISO C11 issues [3] on libc-alpha.
From the RFC thread [4] and previous discussion, it seems that consensus
is only to limit such requested size for malloc functions, not the system
allocation one (mmap, sbrk, etc.).
The implementation changes checked_request2size to check for both overflow
and maximum object size up to PTRDIFF_MAX. No additional checks are done
on sysmalloc, so it can still issue mmap with values larger than
PTRDIFF_T depending on the requested size.
The __attribute_alloc_size__ is for functions that return a pointer only,
which means it cannot be applied to posix_memalign (see remarks in GCC
PR#87683 [5]). The runtimes checks to limit maximum requested allocation
size does applies to posix_memalign.
Checked on x86_64-linux-gnu and i686-linux-gnu.
[1] https://sourceware.org/ml/libc-alpha/2018-11/msg00223.html
[2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=67999
[3] https://sourceware.org/ml/libc-alpha/2011-12/msg00066.html
[4] https://sourceware.org/ml/libc-alpha/2018-11/msg00224.html
[5] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87683
[BZ #23741]
* malloc/hooks.c (malloc_check, realloc_check): Use
__builtin_add_overflow on overflow check and adapt to
checked_request2size change.
* malloc/malloc.c (__libc_malloc, __libc_realloc, _mid_memalign,
__libc_pvalloc, __libc_calloc, _int_memalign): Limit maximum
allocation size to PTRDIFF_MAX.
(REQUEST_OUT_OF_RANGE): Remove macro.
(checked_request2size): Change to inline function and limit maximum
requested size to PTRDIFF_MAX.
(__libc_malloc, __libc_realloc, _int_malloc, _int_memalign): Limit
maximum allocation size to PTRDIFF_MAX.
(_mid_memalign): Use _int_memalign call for overflow check.
(__libc_pvalloc): Use __builtin_add_overflow on overflow check.
(__libc_calloc): Use __builtin_mul_overflow for overflow check and
limit maximum requested size to PTRDIFF_MAX.
* malloc/malloc.h (malloc, calloc, realloc, reallocarray, memalign,
valloc, pvalloc): Add __attribute_alloc_size__.
* stdlib/stdlib.h (malloc, realloc, reallocarray, valloc): Likewise.
* malloc/tst-malloc-too-large.c (do_test): Add check for allocation
larger than PTRDIFF_MAX.
* malloc/tst-memalign.c (do_test): Disable -Walloc-size-larger-than=
around tests of malloc with negative sizes.
* malloc/tst-posix_memalign.c (do_test): Likewise.
* malloc/tst-pvalloc.c (do_test): Likewise.
* malloc/tst-valloc.c (do_test): Likewise.
* malloc/tst-reallocarray.c (do_test): Replace call to reallocarray
with resulting size allocation larger than PTRDIFF_MAX with
reallocarray_nowarn.
(reallocarray_nowarn): New function.
* NEWS: Mention the malloc function semantic change.
2018-12-18 18:30:56 +00:00
|
|
|
extern void *malloc (size_t __size) __THROW __attribute_malloc__
|
|
|
|
__attribute_alloc_size__ ((1)) __wur;
|
1996-12-08 08:01:13 +00:00
|
|
|
|
|
|
|
/* Allocate NMEMB elements of SIZE bytes each, all initialized to 0. */
|
2011-05-30 00:40:08 +00:00
|
|
|
extern void *calloc (size_t __nmemb, size_t __size)
|
malloc: make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)
As discussed previously on libc-alpha [1], this patch follows up the idea
and add both the __attribute_alloc_size__ on malloc functions (malloc,
calloc, realloc, reallocarray, valloc, pvalloc, and memalign) and limit
maximum requested allocation size to up PTRDIFF_MAX (taking into
consideration internal padding and alignment).
This aligns glibc with gcc expected size defined by default warning
-Walloc-size-larger-than value which warns for allocation larger than
PTRDIFF_MAX. It also aligns with gcc expectation regarding libc and
expected size, such as described in PR#67999 [2] and previously discussed
ISO C11 issues [3] on libc-alpha.
From the RFC thread [4] and previous discussion, it seems that consensus
is only to limit such requested size for malloc functions, not the system
allocation one (mmap, sbrk, etc.).
The implementation changes checked_request2size to check for both overflow
and maximum object size up to PTRDIFF_MAX. No additional checks are done
on sysmalloc, so it can still issue mmap with values larger than
PTRDIFF_T depending on the requested size.
The __attribute_alloc_size__ is for functions that return a pointer only,
which means it cannot be applied to posix_memalign (see remarks in GCC
PR#87683 [5]). The runtimes checks to limit maximum requested allocation
size does applies to posix_memalign.
Checked on x86_64-linux-gnu and i686-linux-gnu.
[1] https://sourceware.org/ml/libc-alpha/2018-11/msg00223.html
[2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=67999
[3] https://sourceware.org/ml/libc-alpha/2011-12/msg00066.html
[4] https://sourceware.org/ml/libc-alpha/2018-11/msg00224.html
[5] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87683
[BZ #23741]
* malloc/hooks.c (malloc_check, realloc_check): Use
__builtin_add_overflow on overflow check and adapt to
checked_request2size change.
* malloc/malloc.c (__libc_malloc, __libc_realloc, _mid_memalign,
__libc_pvalloc, __libc_calloc, _int_memalign): Limit maximum
allocation size to PTRDIFF_MAX.
(REQUEST_OUT_OF_RANGE): Remove macro.
(checked_request2size): Change to inline function and limit maximum
requested size to PTRDIFF_MAX.
(__libc_malloc, __libc_realloc, _int_malloc, _int_memalign): Limit
maximum allocation size to PTRDIFF_MAX.
(_mid_memalign): Use _int_memalign call for overflow check.
(__libc_pvalloc): Use __builtin_add_overflow on overflow check.
(__libc_calloc): Use __builtin_mul_overflow for overflow check and
limit maximum requested size to PTRDIFF_MAX.
* malloc/malloc.h (malloc, calloc, realloc, reallocarray, memalign,
valloc, pvalloc): Add __attribute_alloc_size__.
* stdlib/stdlib.h (malloc, realloc, reallocarray, valloc): Likewise.
* malloc/tst-malloc-too-large.c (do_test): Add check for allocation
larger than PTRDIFF_MAX.
* malloc/tst-memalign.c (do_test): Disable -Walloc-size-larger-than=
around tests of malloc with negative sizes.
* malloc/tst-posix_memalign.c (do_test): Likewise.
* malloc/tst-pvalloc.c (do_test): Likewise.
* malloc/tst-valloc.c (do_test): Likewise.
* malloc/tst-reallocarray.c (do_test): Replace call to reallocarray
with resulting size allocation larger than PTRDIFF_MAX with
reallocarray_nowarn.
(reallocarray_nowarn): New function.
* NEWS: Mention the malloc function semantic change.
2018-12-18 18:30:56 +00:00
|
|
|
__THROW __attribute_malloc__ __attribute_alloc_size__ ((1, 2)) __wur;
|
1996-12-08 08:01:13 +00:00
|
|
|
|
|
|
|
/* Re-allocate the previously allocated block in __ptr, making the new
|
|
|
|
block SIZE bytes long. */
|
2007-07-19 17:05:14 +00:00
|
|
|
/* __attribute_malloc__ is not used, because if realloc returns
|
|
|
|
the same pointer that was passed to it, aliasing needs to be allowed
|
|
|
|
between objects pointed by the old and new pointers. */
|
2011-05-30 00:40:08 +00:00
|
|
|
extern void *realloc (void *__ptr, size_t __size)
|
malloc: make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)
As discussed previously on libc-alpha [1], this patch follows up the idea
and add both the __attribute_alloc_size__ on malloc functions (malloc,
calloc, realloc, reallocarray, valloc, pvalloc, and memalign) and limit
maximum requested allocation size to up PTRDIFF_MAX (taking into
consideration internal padding and alignment).
This aligns glibc with gcc expected size defined by default warning
-Walloc-size-larger-than value which warns for allocation larger than
PTRDIFF_MAX. It also aligns with gcc expectation regarding libc and
expected size, such as described in PR#67999 [2] and previously discussed
ISO C11 issues [3] on libc-alpha.
From the RFC thread [4] and previous discussion, it seems that consensus
is only to limit such requested size for malloc functions, not the system
allocation one (mmap, sbrk, etc.).
The implementation changes checked_request2size to check for both overflow
and maximum object size up to PTRDIFF_MAX. No additional checks are done
on sysmalloc, so it can still issue mmap with values larger than
PTRDIFF_T depending on the requested size.
The __attribute_alloc_size__ is for functions that return a pointer only,
which means it cannot be applied to posix_memalign (see remarks in GCC
PR#87683 [5]). The runtimes checks to limit maximum requested allocation
size does applies to posix_memalign.
Checked on x86_64-linux-gnu and i686-linux-gnu.
[1] https://sourceware.org/ml/libc-alpha/2018-11/msg00223.html
[2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=67999
[3] https://sourceware.org/ml/libc-alpha/2011-12/msg00066.html
[4] https://sourceware.org/ml/libc-alpha/2018-11/msg00224.html
[5] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87683
[BZ #23741]
* malloc/hooks.c (malloc_check, realloc_check): Use
__builtin_add_overflow on overflow check and adapt to
checked_request2size change.
* malloc/malloc.c (__libc_malloc, __libc_realloc, _mid_memalign,
__libc_pvalloc, __libc_calloc, _int_memalign): Limit maximum
allocation size to PTRDIFF_MAX.
(REQUEST_OUT_OF_RANGE): Remove macro.
(checked_request2size): Change to inline function and limit maximum
requested size to PTRDIFF_MAX.
(__libc_malloc, __libc_realloc, _int_malloc, _int_memalign): Limit
maximum allocation size to PTRDIFF_MAX.
(_mid_memalign): Use _int_memalign call for overflow check.
(__libc_pvalloc): Use __builtin_add_overflow on overflow check.
(__libc_calloc): Use __builtin_mul_overflow for overflow check and
limit maximum requested size to PTRDIFF_MAX.
* malloc/malloc.h (malloc, calloc, realloc, reallocarray, memalign,
valloc, pvalloc): Add __attribute_alloc_size__.
* stdlib/stdlib.h (malloc, realloc, reallocarray, valloc): Likewise.
* malloc/tst-malloc-too-large.c (do_test): Add check for allocation
larger than PTRDIFF_MAX.
* malloc/tst-memalign.c (do_test): Disable -Walloc-size-larger-than=
around tests of malloc with negative sizes.
* malloc/tst-posix_memalign.c (do_test): Likewise.
* malloc/tst-pvalloc.c (do_test): Likewise.
* malloc/tst-valloc.c (do_test): Likewise.
* malloc/tst-reallocarray.c (do_test): Replace call to reallocarray
with resulting size allocation larger than PTRDIFF_MAX with
reallocarray_nowarn.
(reallocarray_nowarn): New function.
* NEWS: Mention the malloc function semantic change.
2018-12-18 18:30:56 +00:00
|
|
|
__THROW __attribute_warn_unused_result__ __attribute_alloc_size__ ((2));
|
1996-12-08 08:01:13 +00:00
|
|
|
|
2017-05-30 21:26:19 +00:00
|
|
|
/* Re-allocate the previously allocated block in PTR, making the new
|
|
|
|
block large enough for NMEMB elements of SIZE bytes each. */
|
|
|
|
/* __attribute_malloc__ is not used, because if reallocarray returns
|
|
|
|
the same pointer that was passed to it, aliasing needs to be allowed
|
|
|
|
between objects pointed by the old and new pointers. */
|
|
|
|
extern void *reallocarray (void *__ptr, size_t __nmemb, size_t __size)
|
malloc: make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)
As discussed previously on libc-alpha [1], this patch follows up the idea
and add both the __attribute_alloc_size__ on malloc functions (malloc,
calloc, realloc, reallocarray, valloc, pvalloc, and memalign) and limit
maximum requested allocation size to up PTRDIFF_MAX (taking into
consideration internal padding and alignment).
This aligns glibc with gcc expected size defined by default warning
-Walloc-size-larger-than value which warns for allocation larger than
PTRDIFF_MAX. It also aligns with gcc expectation regarding libc and
expected size, such as described in PR#67999 [2] and previously discussed
ISO C11 issues [3] on libc-alpha.
From the RFC thread [4] and previous discussion, it seems that consensus
is only to limit such requested size for malloc functions, not the system
allocation one (mmap, sbrk, etc.).
The implementation changes checked_request2size to check for both overflow
and maximum object size up to PTRDIFF_MAX. No additional checks are done
on sysmalloc, so it can still issue mmap with values larger than
PTRDIFF_T depending on the requested size.
The __attribute_alloc_size__ is for functions that return a pointer only,
which means it cannot be applied to posix_memalign (see remarks in GCC
PR#87683 [5]). The runtimes checks to limit maximum requested allocation
size does applies to posix_memalign.
Checked on x86_64-linux-gnu and i686-linux-gnu.
[1] https://sourceware.org/ml/libc-alpha/2018-11/msg00223.html
[2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=67999
[3] https://sourceware.org/ml/libc-alpha/2011-12/msg00066.html
[4] https://sourceware.org/ml/libc-alpha/2018-11/msg00224.html
[5] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87683
[BZ #23741]
* malloc/hooks.c (malloc_check, realloc_check): Use
__builtin_add_overflow on overflow check and adapt to
checked_request2size change.
* malloc/malloc.c (__libc_malloc, __libc_realloc, _mid_memalign,
__libc_pvalloc, __libc_calloc, _int_memalign): Limit maximum
allocation size to PTRDIFF_MAX.
(REQUEST_OUT_OF_RANGE): Remove macro.
(checked_request2size): Change to inline function and limit maximum
requested size to PTRDIFF_MAX.
(__libc_malloc, __libc_realloc, _int_malloc, _int_memalign): Limit
maximum allocation size to PTRDIFF_MAX.
(_mid_memalign): Use _int_memalign call for overflow check.
(__libc_pvalloc): Use __builtin_add_overflow on overflow check.
(__libc_calloc): Use __builtin_mul_overflow for overflow check and
limit maximum requested size to PTRDIFF_MAX.
* malloc/malloc.h (malloc, calloc, realloc, reallocarray, memalign,
valloc, pvalloc): Add __attribute_alloc_size__.
* stdlib/stdlib.h (malloc, realloc, reallocarray, valloc): Likewise.
* malloc/tst-malloc-too-large.c (do_test): Add check for allocation
larger than PTRDIFF_MAX.
* malloc/tst-memalign.c (do_test): Disable -Walloc-size-larger-than=
around tests of malloc with negative sizes.
* malloc/tst-posix_memalign.c (do_test): Likewise.
* malloc/tst-pvalloc.c (do_test): Likewise.
* malloc/tst-valloc.c (do_test): Likewise.
* malloc/tst-reallocarray.c (do_test): Replace call to reallocarray
with resulting size allocation larger than PTRDIFF_MAX with
reallocarray_nowarn.
(reallocarray_nowarn): New function.
* NEWS: Mention the malloc function semantic change.
2018-12-18 18:30:56 +00:00
|
|
|
__THROW __attribute_warn_unused_result__ __attribute_alloc_size__ ((2, 3));
|
2017-05-30 21:26:19 +00:00
|
|
|
|
1996-12-08 08:01:13 +00:00
|
|
|
/* Free a block allocated by `malloc', `realloc' or `calloc'. */
|
2011-05-30 00:40:08 +00:00
|
|
|
extern void free (void *__ptr) __THROW;
|
1996-12-08 08:01:13 +00:00
|
|
|
|
|
|
|
/* Allocate SIZE bytes allocated to ALIGNMENT bytes. */
|
2011-05-30 00:40:08 +00:00
|
|
|
extern void *memalign (size_t __alignment, size_t __size)
|
malloc: make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)
As discussed previously on libc-alpha [1], this patch follows up the idea
and add both the __attribute_alloc_size__ on malloc functions (malloc,
calloc, realloc, reallocarray, valloc, pvalloc, and memalign) and limit
maximum requested allocation size to up PTRDIFF_MAX (taking into
consideration internal padding and alignment).
This aligns glibc with gcc expected size defined by default warning
-Walloc-size-larger-than value which warns for allocation larger than
PTRDIFF_MAX. It also aligns with gcc expectation regarding libc and
expected size, such as described in PR#67999 [2] and previously discussed
ISO C11 issues [3] on libc-alpha.
From the RFC thread [4] and previous discussion, it seems that consensus
is only to limit such requested size for malloc functions, not the system
allocation one (mmap, sbrk, etc.).
The implementation changes checked_request2size to check for both overflow
and maximum object size up to PTRDIFF_MAX. No additional checks are done
on sysmalloc, so it can still issue mmap with values larger than
PTRDIFF_T depending on the requested size.
The __attribute_alloc_size__ is for functions that return a pointer only,
which means it cannot be applied to posix_memalign (see remarks in GCC
PR#87683 [5]). The runtimes checks to limit maximum requested allocation
size does applies to posix_memalign.
Checked on x86_64-linux-gnu and i686-linux-gnu.
[1] https://sourceware.org/ml/libc-alpha/2018-11/msg00223.html
[2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=67999
[3] https://sourceware.org/ml/libc-alpha/2011-12/msg00066.html
[4] https://sourceware.org/ml/libc-alpha/2018-11/msg00224.html
[5] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87683
[BZ #23741]
* malloc/hooks.c (malloc_check, realloc_check): Use
__builtin_add_overflow on overflow check and adapt to
checked_request2size change.
* malloc/malloc.c (__libc_malloc, __libc_realloc, _mid_memalign,
__libc_pvalloc, __libc_calloc, _int_memalign): Limit maximum
allocation size to PTRDIFF_MAX.
(REQUEST_OUT_OF_RANGE): Remove macro.
(checked_request2size): Change to inline function and limit maximum
requested size to PTRDIFF_MAX.
(__libc_malloc, __libc_realloc, _int_malloc, _int_memalign): Limit
maximum allocation size to PTRDIFF_MAX.
(_mid_memalign): Use _int_memalign call for overflow check.
(__libc_pvalloc): Use __builtin_add_overflow on overflow check.
(__libc_calloc): Use __builtin_mul_overflow for overflow check and
limit maximum requested size to PTRDIFF_MAX.
* malloc/malloc.h (malloc, calloc, realloc, reallocarray, memalign,
valloc, pvalloc): Add __attribute_alloc_size__.
* stdlib/stdlib.h (malloc, realloc, reallocarray, valloc): Likewise.
* malloc/tst-malloc-too-large.c (do_test): Add check for allocation
larger than PTRDIFF_MAX.
* malloc/tst-memalign.c (do_test): Disable -Walloc-size-larger-than=
around tests of malloc with negative sizes.
* malloc/tst-posix_memalign.c (do_test): Likewise.
* malloc/tst-pvalloc.c (do_test): Likewise.
* malloc/tst-valloc.c (do_test): Likewise.
* malloc/tst-reallocarray.c (do_test): Replace call to reallocarray
with resulting size allocation larger than PTRDIFF_MAX with
reallocarray_nowarn.
(reallocarray_nowarn): New function.
* NEWS: Mention the malloc function semantic change.
2018-12-18 18:30:56 +00:00
|
|
|
__THROW __attribute_malloc__ __attribute_alloc_size__ ((2)) __wur;
|
1996-12-08 08:01:13 +00:00
|
|
|
|
|
|
|
/* Allocate SIZE bytes on a page boundary. */
|
malloc: make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)
As discussed previously on libc-alpha [1], this patch follows up the idea
and add both the __attribute_alloc_size__ on malloc functions (malloc,
calloc, realloc, reallocarray, valloc, pvalloc, and memalign) and limit
maximum requested allocation size to up PTRDIFF_MAX (taking into
consideration internal padding and alignment).
This aligns glibc with gcc expected size defined by default warning
-Walloc-size-larger-than value which warns for allocation larger than
PTRDIFF_MAX. It also aligns with gcc expectation regarding libc and
expected size, such as described in PR#67999 [2] and previously discussed
ISO C11 issues [3] on libc-alpha.
From the RFC thread [4] and previous discussion, it seems that consensus
is only to limit such requested size for malloc functions, not the system
allocation one (mmap, sbrk, etc.).
The implementation changes checked_request2size to check for both overflow
and maximum object size up to PTRDIFF_MAX. No additional checks are done
on sysmalloc, so it can still issue mmap with values larger than
PTRDIFF_T depending on the requested size.
The __attribute_alloc_size__ is for functions that return a pointer only,
which means it cannot be applied to posix_memalign (see remarks in GCC
PR#87683 [5]). The runtimes checks to limit maximum requested allocation
size does applies to posix_memalign.
Checked on x86_64-linux-gnu and i686-linux-gnu.
[1] https://sourceware.org/ml/libc-alpha/2018-11/msg00223.html
[2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=67999
[3] https://sourceware.org/ml/libc-alpha/2011-12/msg00066.html
[4] https://sourceware.org/ml/libc-alpha/2018-11/msg00224.html
[5] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87683
[BZ #23741]
* malloc/hooks.c (malloc_check, realloc_check): Use
__builtin_add_overflow on overflow check and adapt to
checked_request2size change.
* malloc/malloc.c (__libc_malloc, __libc_realloc, _mid_memalign,
__libc_pvalloc, __libc_calloc, _int_memalign): Limit maximum
allocation size to PTRDIFF_MAX.
(REQUEST_OUT_OF_RANGE): Remove macro.
(checked_request2size): Change to inline function and limit maximum
requested size to PTRDIFF_MAX.
(__libc_malloc, __libc_realloc, _int_malloc, _int_memalign): Limit
maximum allocation size to PTRDIFF_MAX.
(_mid_memalign): Use _int_memalign call for overflow check.
(__libc_pvalloc): Use __builtin_add_overflow on overflow check.
(__libc_calloc): Use __builtin_mul_overflow for overflow check and
limit maximum requested size to PTRDIFF_MAX.
* malloc/malloc.h (malloc, calloc, realloc, reallocarray, memalign,
valloc, pvalloc): Add __attribute_alloc_size__.
* stdlib/stdlib.h (malloc, realloc, reallocarray, valloc): Likewise.
* malloc/tst-malloc-too-large.c (do_test): Add check for allocation
larger than PTRDIFF_MAX.
* malloc/tst-memalign.c (do_test): Disable -Walloc-size-larger-than=
around tests of malloc with negative sizes.
* malloc/tst-posix_memalign.c (do_test): Likewise.
* malloc/tst-pvalloc.c (do_test): Likewise.
* malloc/tst-valloc.c (do_test): Likewise.
* malloc/tst-reallocarray.c (do_test): Replace call to reallocarray
with resulting size allocation larger than PTRDIFF_MAX with
reallocarray_nowarn.
(reallocarray_nowarn): New function.
* NEWS: Mention the malloc function semantic change.
2018-12-18 18:30:56 +00:00
|
|
|
extern void *valloc (size_t __size) __THROW __attribute_malloc__
|
|
|
|
__attribute_alloc_size__ ((1)) __wur;
|
1996-12-08 08:01:13 +00:00
|
|
|
|
|
|
|
/* Equivalent to valloc(minimum-page-that-holds(n)), that is, round up
|
|
|
|
__size to nearest pagesize. */
|
2020-01-17 14:05:34 +00:00
|
|
|
extern void *pvalloc (size_t __size) __THROW __attribute_malloc__ __wur;
|
1996-12-08 08:01:13 +00:00
|
|
|
|
|
|
|
/* Underlying allocation function; successive calls should return
|
|
|
|
contiguous pieces of memory. */
|
2011-05-30 00:40:08 +00:00
|
|
|
extern void *(*__morecore) (ptrdiff_t __size);
|
1996-12-08 08:01:13 +00:00
|
|
|
|
|
|
|
/* Default value of `__morecore'. */
|
2011-05-30 00:40:08 +00:00
|
|
|
extern void *__default_morecore (ptrdiff_t __size)
|
2014-01-02 08:38:18 +00:00
|
|
|
__THROW __attribute_malloc__;
|
1996-12-08 08:01:13 +00:00
|
|
|
|
|
|
|
/* SVID2/XPG mallinfo structure */
|
2002-01-29 07:54:51 +00:00
|
|
|
|
2011-05-30 00:40:08 +00:00
|
|
|
struct mallinfo
|
|
|
|
{
|
2002-01-29 07:54:51 +00:00
|
|
|
int arena; /* non-mmapped space allocated from system */
|
|
|
|
int ordblks; /* number of free chunks */
|
|
|
|
int smblks; /* number of fastbin blocks */
|
1996-12-08 08:01:13 +00:00
|
|
|
int hblks; /* number of mmapped regions */
|
2002-01-29 07:54:51 +00:00
|
|
|
int hblkhd; /* space in mmapped regions */
|
2016-02-19 16:07:04 +00:00
|
|
|
int usmblks; /* always 0, preserved for backwards compatibility */
|
2002-01-29 07:54:51 +00:00
|
|
|
int fsmblks; /* space available in freed fastbin blocks */
|
1996-12-08 08:01:13 +00:00
|
|
|
int uordblks; /* total allocated space */
|
2002-01-29 07:54:51 +00:00
|
|
|
int fordblks; /* total free space */
|
1996-12-08 08:01:13 +00:00
|
|
|
int keepcost; /* top-most, releasable (via malloc_trim) space */
|
|
|
|
};
|
|
|
|
|
|
|
|
/* Returns a copy of the updated current mallinfo. */
|
2011-05-30 00:40:08 +00:00
|
|
|
extern struct mallinfo mallinfo (void) __THROW;
|
1996-12-08 08:01:13 +00:00
|
|
|
|
|
|
|
/* SVID2/XPG mallopt options */
|
|
|
|
#ifndef M_MXFAST
|
2014-01-02 08:38:18 +00:00
|
|
|
# define M_MXFAST 1 /* maximum request size for "fastbins" */
|
1996-12-08 08:01:13 +00:00
|
|
|
#endif
|
|
|
|
#ifndef M_NLBLKS
|
2014-01-02 08:38:18 +00:00
|
|
|
# define M_NLBLKS 2 /* UNUSED in this malloc */
|
1996-12-08 08:01:13 +00:00
|
|
|
#endif
|
|
|
|
#ifndef M_GRAIN
|
2014-01-02 08:38:18 +00:00
|
|
|
# define M_GRAIN 3 /* UNUSED in this malloc */
|
1996-12-08 08:01:13 +00:00
|
|
|
#endif
|
|
|
|
#ifndef M_KEEP
|
2014-01-02 08:38:18 +00:00
|
|
|
# define M_KEEP 4 /* UNUSED in this malloc */
|
1996-12-08 08:01:13 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
/* mallopt options that actually do something */
|
|
|
|
#define M_TRIM_THRESHOLD -1
|
|
|
|
#define M_TOP_PAD -2
|
|
|
|
#define M_MMAP_THRESHOLD -3
|
|
|
|
#define M_MMAP_MAX -4
|
update from main archive 961217
Wed Dec 18 03:31:58 1996 Ulrich Drepper <drepper@cygnus.com>
* dirent/scandir.c: Undo change from Mon Dec 2 15:32:15 1996.
The stream is private and usages outside glibc don't care about
reentrancy.
* io/fts.c: Likewise.
* io/ftw.c: Likewise.
* sysdeps/posix/getcwd.c: Likewise.
* sysdeps/posix/ttyname.c: Likewise.
* sysdeps/posix/ttyname_r.c: Likewise.
* sysdeps/posix/glob.c: Likewise.
* libio/iovsprintf.c: Add cast to prevent warning.
* libio/iovsscanf.c: Likewise.
* libio/libioP.h: Define mmap to __mmap and munmap to __munmap
to keep namespace clean.
* new-malloc/malloc.c: Update to last version from Wolfram Gloger.
Add hooks and check functions from old GNU malloc.
* new-malloc/malloc.h: Likewise.
* nis/ypclnt.c: Remove prototype for xdr_free.
* snrpc/rpc/xdr.h: Add prototype for xdr_free.
* manual/nss.texi: Correct description of default values and don't
meantion NSS as an add-on.
* nss/grp-lookup.c: Provide default value as
"compat [NOTFOUND=return] files".
* nss/pwd-lookup.c: Likewise.
* nss/spwd-lookup.c: Likewise.
* nss/network-lookup.c: Correct default to
"dns [!UNAVAIL=return] files".
* nss/nsswitch.c: Change default-default value to "nis
[NOTFOUND=return] files" since compat is only available for group,
passwd, and shadow.
* stdlib/on_exit.c (on_exit): Rename to __on_exit and make old name
a weak alias.
* stdlib/stdlib.h: Add prototype for __on_exit.
* sysdeps/unix/sysv/linux/schedbits.h: Add prototype for __clone.
* time/Makefile: Undo change from Sun Dec 8 06:56:49 1996.
The new malloc now has mcheck.
* time/ap.c: Likewise.
* time/tzset.c (__tzset): Rename to __tzset_internal.
(tzset): Rename to __tzset. Make tzset a weak alias for __tzset.
* time/localtime.c: Use __tzset_internal not __tzset.
* time/strftime.c [_LIBC]: Define tzname as __tzname and tzset
as __tzset to prevent namespace pollution.
* wctype/iswctype.h (icwctype): Rename to __iswctype. Make iswctype
a weak alias of __iswctype.
* wctype/wctype.h: Add prototype for __iswctype.
(iswalnum, iswalpha, iswcntrl, iswdigit, iswlower, iswgraph,
iswprint, iswpunct, iswspace, iswupper, iswxdigit, iswblank):
Use __iswctype for the test, not iswctype.
1996-12-16 Paul Eggert <eggert@twinsun.com>
* hurd/hurd/sigpreempt.h
(struct hurd_signal_preemptor.preemptor, _hurdsig_preemptors),
hurd/hurd/signal.h (struct hurd_sigstate.preemptors),
hurd/hurdfault.c, hurd/hurdfault.h (_hurdsig_fault_preemptor),
hurd/hurdsig.c (_hurdsig_preempters):
Renamed to fix spelling from `preempter' to `preemptor'.
All uses changed.
1996-12-15 Paul Eggert <eggert@twinsun.com>
* ctime.c (ctime): Return asctime (localtime (t)), as the C
standard requires.
Tue Dec 17 02:05:48 1996 Thomas Bushnell, n/BSG <thomas@gnu.ai.mit.edu>
* sysdeps/mach/libc-lock.h (__libc_lock_trylock): Invert return
value because Mach/cthreads uses the opposite convention from
Posix/glibc.
Mon Dec 16 22:41:01 1996 Ulrich Drepper <drepper@cygnus.com>
* stdio-common/fcloseall.c: Correct test of already_called.
Reported by Thomas Bushnell, n/BSG.
Mon Dec 16 14:52:07 1996 Thomas Bushnell, n/BSG <thomas@gnu.ai.mit.edu>
* mach/lock-intern.h (__mutex_try_lock): New function.
Sun Dec 15 16:33:44 1996 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* termios/sys/ttydefaults.h (TTYDEF_OFLAG): Only use OXTABS if
defined, else XTABS.
(CEOL, CSTATUS): Use _POSIX_VDISABLE if defined.
Sun Dec 15 11:56:19 1996 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* sysdeps/unix/sysv/linux/m68k/mremap.S: New file.
* sysdeps/unix/sysv/linux/m68k/Dist: Distribute it.
* sysdeps/unix/sysv/linux/m68k/Makefile (sysdep_routines): Add mremap.
1996-12-18 03:23:47 +00:00
|
|
|
#define M_CHECK_ACTION -5
|
2014-01-02 08:38:18 +00:00
|
|
|
#define M_PERTURB -6
|
|
|
|
#define M_ARENA_TEST -7
|
|
|
|
#define M_ARENA_MAX -8
|
1996-12-08 08:01:13 +00:00
|
|
|
|
|
|
|
/* General SVID/XPG interface to tunable parameters. */
|
2011-05-30 00:40:08 +00:00
|
|
|
extern int mallopt (int __param, int __val) __THROW;
|
1996-12-08 08:01:13 +00:00
|
|
|
|
|
|
|
/* Release all but __pad bytes of freed top-most memory back to the
|
|
|
|
system. Return 1 if successful, else 0. */
|
2011-05-30 00:40:08 +00:00
|
|
|
extern int malloc_trim (size_t __pad) __THROW;
|
1996-12-08 08:01:13 +00:00
|
|
|
|
|
|
|
/* Report the number of usable allocated bytes associated with allocated
|
|
|
|
chunk __ptr. */
|
2011-05-30 00:40:08 +00:00
|
|
|
extern size_t malloc_usable_size (void *__ptr) __THROW;
|
1996-12-08 08:01:13 +00:00
|
|
|
|
|
|
|
/* Prints brief summary statistics on stderr. */
|
2011-05-30 00:40:08 +00:00
|
|
|
extern void malloc_stats (void) __THROW;
|
1996-12-08 08:01:13 +00:00
|
|
|
|
2009-04-09 05:45:42 +00:00
|
|
|
/* Output information about state of allocator to stream FP. */
|
2011-05-30 00:40:08 +00:00
|
|
|
extern int malloc_info (int __options, FILE *__fp) __THROW;
|
2009-04-09 05:45:42 +00:00
|
|
|
|
1999-11-12 17:15:18 +00:00
|
|
|
/* Hooks for debugging and user-defined versions. */
|
2011-05-30 00:40:08 +00:00
|
|
|
extern void (*__MALLOC_HOOK_VOLATILE __free_hook) (void *__ptr,
|
2014-01-02 08:38:18 +00:00
|
|
|
const void *)
|
|
|
|
__MALLOC_DEPRECATED;
|
|
|
|
extern void *(*__MALLOC_HOOK_VOLATILE __malloc_hook)(size_t __size,
|
|
|
|
const void *)
|
|
|
|
__MALLOC_DEPRECATED;
|
|
|
|
extern void *(*__MALLOC_HOOK_VOLATILE __realloc_hook)(void *__ptr,
|
|
|
|
size_t __size,
|
|
|
|
const void *)
|
|
|
|
__MALLOC_DEPRECATED;
|
|
|
|
extern void *(*__MALLOC_HOOK_VOLATILE __memalign_hook)(size_t __alignment,
|
|
|
|
size_t __size,
|
|
|
|
const void *)
|
|
|
|
__MALLOC_DEPRECATED;
|
2011-05-30 00:40:08 +00:00
|
|
|
extern void (*__MALLOC_HOOK_VOLATILE __after_morecore_hook) (void);
|
update from main archive 961217
Wed Dec 18 03:31:58 1996 Ulrich Drepper <drepper@cygnus.com>
* dirent/scandir.c: Undo change from Mon Dec 2 15:32:15 1996.
The stream is private and usages outside glibc don't care about
reentrancy.
* io/fts.c: Likewise.
* io/ftw.c: Likewise.
* sysdeps/posix/getcwd.c: Likewise.
* sysdeps/posix/ttyname.c: Likewise.
* sysdeps/posix/ttyname_r.c: Likewise.
* sysdeps/posix/glob.c: Likewise.
* libio/iovsprintf.c: Add cast to prevent warning.
* libio/iovsscanf.c: Likewise.
* libio/libioP.h: Define mmap to __mmap and munmap to __munmap
to keep namespace clean.
* new-malloc/malloc.c: Update to last version from Wolfram Gloger.
Add hooks and check functions from old GNU malloc.
* new-malloc/malloc.h: Likewise.
* nis/ypclnt.c: Remove prototype for xdr_free.
* snrpc/rpc/xdr.h: Add prototype for xdr_free.
* manual/nss.texi: Correct description of default values and don't
meantion NSS as an add-on.
* nss/grp-lookup.c: Provide default value as
"compat [NOTFOUND=return] files".
* nss/pwd-lookup.c: Likewise.
* nss/spwd-lookup.c: Likewise.
* nss/network-lookup.c: Correct default to
"dns [!UNAVAIL=return] files".
* nss/nsswitch.c: Change default-default value to "nis
[NOTFOUND=return] files" since compat is only available for group,
passwd, and shadow.
* stdlib/on_exit.c (on_exit): Rename to __on_exit and make old name
a weak alias.
* stdlib/stdlib.h: Add prototype for __on_exit.
* sysdeps/unix/sysv/linux/schedbits.h: Add prototype for __clone.
* time/Makefile: Undo change from Sun Dec 8 06:56:49 1996.
The new malloc now has mcheck.
* time/ap.c: Likewise.
* time/tzset.c (__tzset): Rename to __tzset_internal.
(tzset): Rename to __tzset. Make tzset a weak alias for __tzset.
* time/localtime.c: Use __tzset_internal not __tzset.
* time/strftime.c [_LIBC]: Define tzname as __tzname and tzset
as __tzset to prevent namespace pollution.
* wctype/iswctype.h (icwctype): Rename to __iswctype. Make iswctype
a weak alias of __iswctype.
* wctype/wctype.h: Add prototype for __iswctype.
(iswalnum, iswalpha, iswcntrl, iswdigit, iswlower, iswgraph,
iswprint, iswpunct, iswspace, iswupper, iswxdigit, iswblank):
Use __iswctype for the test, not iswctype.
1996-12-16 Paul Eggert <eggert@twinsun.com>
* hurd/hurd/sigpreempt.h
(struct hurd_signal_preemptor.preemptor, _hurdsig_preemptors),
hurd/hurd/signal.h (struct hurd_sigstate.preemptors),
hurd/hurdfault.c, hurd/hurdfault.h (_hurdsig_fault_preemptor),
hurd/hurdsig.c (_hurdsig_preempters):
Renamed to fix spelling from `preempter' to `preemptor'.
All uses changed.
1996-12-15 Paul Eggert <eggert@twinsun.com>
* ctime.c (ctime): Return asctime (localtime (t)), as the C
standard requires.
Tue Dec 17 02:05:48 1996 Thomas Bushnell, n/BSG <thomas@gnu.ai.mit.edu>
* sysdeps/mach/libc-lock.h (__libc_lock_trylock): Invert return
value because Mach/cthreads uses the opposite convention from
Posix/glibc.
Mon Dec 16 22:41:01 1996 Ulrich Drepper <drepper@cygnus.com>
* stdio-common/fcloseall.c: Correct test of already_called.
Reported by Thomas Bushnell, n/BSG.
Mon Dec 16 14:52:07 1996 Thomas Bushnell, n/BSG <thomas@gnu.ai.mit.edu>
* mach/lock-intern.h (__mutex_try_lock): New function.
Sun Dec 15 16:33:44 1996 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* termios/sys/ttydefaults.h (TTYDEF_OFLAG): Only use OXTABS if
defined, else XTABS.
(CEOL, CSTATUS): Use _POSIX_VDISABLE if defined.
Sun Dec 15 11:56:19 1996 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* sysdeps/unix/sysv/linux/m68k/mremap.S: New file.
* sysdeps/unix/sysv/linux/m68k/Dist: Distribute it.
* sysdeps/unix/sysv/linux/m68k/Makefile (sysdep_routines): Add mremap.
1996-12-18 03:23:47 +00:00
|
|
|
|
|
|
|
|
2005-01-12 01:56:21 +00:00
|
|
|
__END_DECLS
|
1997-06-21 02:59:26 +00:00
|
|
|
#endif /* malloc.h */
|