mirror of
https://sourceware.org/git/glibc.git
malloc: Remove corrupt arena flag
This is no longer needed because we now abort immediately
once heap corruption is detected.
(cherry-picked from a9da0bb266
)
parent
ee717ed23d
commit
675e8785dc
@ -1,3 +1,11 @@
|
|||||||
|
2017-08-30 Florian Weimer <fweimer@redhat.com>
|
||||||
|
|
||||||
|
* malloc/malloc.c (ARENA_CORRUPTION_BIT, arena_is_corrupt)
|
||||||
|
(set_arena_corrupt): Remove definitions.
|
||||||
|
(mtrim): Do not check for corrupt arena.
|
||||||
|
* malloc/arena.c (arena_lock, reused_arena, arena_get_retry):
|
||||||
|
Likewise.
|
||||||
|
|
||||||
2017-08-30 Florian Weimer <fweimer@redhat.com>
|
2017-08-30 Florian Weimer <fweimer@redhat.com>
|
||||||
|
|
||||||
[BZ #21754]
|
[BZ #21754]
|
||||||
|
@ -116,7 +116,7 @@ int __malloc_initialized = -1;
|
|||||||
} while (0)
|
} while (0)
|
||||||
|
|
||||||
#define arena_lock(ptr, size) do { \
|
#define arena_lock(ptr, size) do { \
|
||||||
if (ptr && !arena_is_corrupt (ptr)) \
|
if (ptr) \
|
||||||
__libc_lock_lock (ptr->mutex); \
|
__libc_lock_lock (ptr->mutex); \
|
||||||
else \
|
else \
|
||||||
ptr = arena_get2 ((size), NULL); \
|
ptr = arena_get2 ((size), NULL); \
|
||||||
@ -832,7 +832,7 @@ reused_arena (mstate avoid_arena)
|
|||||||
result = next_to_use;
|
result = next_to_use;
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
if (!arena_is_corrupt (result) && !__libc_lock_trylock (result->mutex))
|
if (!__libc_lock_trylock (result->mutex))
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
/* FIXME: This is a data race, see _int_new_arena. */
|
/* FIXME: This is a data race, see _int_new_arena. */
|
||||||
@ -845,18 +845,6 @@ reused_arena (mstate avoid_arena)
|
|||||||
if (result == avoid_arena)
|
if (result == avoid_arena)
|
||||||
result = result->next;
|
result = result->next;
|
||||||
|
|
||||||
/* Make sure that the arena we get is not corrupted. */
|
|
||||||
mstate begin = result;
|
|
||||||
while (arena_is_corrupt (result) || result == avoid_arena)
|
|
||||||
{
|
|
||||||
result = result->next;
|
|
||||||
if (result == begin)
|
|
||||||
/* We looped around the arena list. We could not find any
|
|
||||||
arena that was either not corrupted or not the one we
|
|
||||||
wanted to avoid. */
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* No arena available without contention. Wait for the next in line. */
|
/* No arena available without contention. Wait for the next in line. */
|
||||||
LIBC_PROBE (memory_arena_reuse_wait, 3, &result->mutex, result, avoid_arena);
|
LIBC_PROBE (memory_arena_reuse_wait, 3, &result->mutex, result, avoid_arena);
|
||||||
__libc_lock_lock (result->mutex);
|
__libc_lock_lock (result->mutex);
|
||||||
@ -953,10 +941,6 @@ arena_get_retry (mstate ar_ptr, size_t bytes)
|
|||||||
if (ar_ptr != &main_arena)
|
if (ar_ptr != &main_arena)
|
||||||
{
|
{
|
||||||
__libc_lock_unlock (ar_ptr->mutex);
|
__libc_lock_unlock (ar_ptr->mutex);
|
||||||
/* Don't touch the main arena if it is corrupt. */
|
|
||||||
if (arena_is_corrupt (&main_arena))
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
ar_ptr = &main_arena;
|
ar_ptr = &main_arena;
|
||||||
__libc_lock_lock (ar_ptr->mutex);
|
__libc_lock_lock (ar_ptr->mutex);
|
||||||
}
|
}
|
||||||
|
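Review bot: In the second reused_arena hunk the deleted loop did two jobs, and only the corrupt-arena half is obsolete: it also kept advancing until `result != avoid_arena` and returned NULL if the list wrapped. The surviving `if (result == avoid_arena) result = result->next;` advances once, so on a list where `next` leads straight back to the same arena the function would go on to block in `__libc_lock_lock (result->mutex)` on the arena the caller asked to avoid. That case is probably unreachable because reused_arena is presumably only entered once several arenas exist, but nothing in these hunks shows it. A comment above the check such as `/* More than one arena exists here, so a single step is enough to skip AVOID_ARENA.  */` would record the invariant the code now relies on. The function starts and ends outside the hunk.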
@ -1626,15 +1626,6 @@ typedef struct malloc_chunk *mfastbinptr;
|
|||||||
#define set_noncontiguous(M) ((M)->flags |= NONCONTIGUOUS_BIT)
|
#define set_noncontiguous(M) ((M)->flags |= NONCONTIGUOUS_BIT)
|
||||||
#define set_contiguous(M) ((M)->flags &= ~NONCONTIGUOUS_BIT)
|
#define set_contiguous(M) ((M)->flags &= ~NONCONTIGUOUS_BIT)
|
||||||
|
|
||||||
/* ARENA_CORRUPTION_BIT is set if a memory corruption was detected on the
|
|
||||||
arena. Such an arena is no longer used to allocate chunks. Chunks
|
|
||||||
allocated in that arena before detecting corruption are not freed. */
|
|
||||||
|
|
||||||
#define ARENA_CORRUPTION_BIT (4U)
|
|
||||||
|
|
||||||
#define arena_is_corrupt(A) (((A)->flags & ARENA_CORRUPTION_BIT))
|
|
||||||
#define set_arena_corrupt(A) ((A)->flags |= ARENA_CORRUPTION_BIT)
|
|
||||||
|
|
||||||
/* Maximum size of memory handled in fastbins. */
|
/* Maximum size of memory handled in fastbins. */
|
||||||
static INTERNAL_SIZE_T global_max_fast;
|
static INTERNAL_SIZE_T global_max_fast;
|
||||||
|
|
||||||
@ -4718,10 +4709,6 @@ _int_memalign (mstate av, size_t alignment, size_t bytes)
|
|||||||
static int
|
static int
|
||||||
mtrim (mstate av, size_t pad)
|
mtrim (mstate av, size_t pad)
|
||||||
{
|
{
|
||||||
/* Don't touch corrupt arenas. */
|
|
||||||
if (arena_is_corrupt (av))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
/* Ensure initialization/consolidation */
|
/* Ensure initialization/consolidation */
|
||||||
malloc_consolidate (av);
|
malloc_consolidate (av);
|
||||||
|
|
||||||
|
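Review bot: With the guard gone, mtrim reaches `malloc_consolidate (av)` unconditionally, and with the arena.c hunks no allocator path skips an arena whose metadata was found inconsistent; the only remaining barrier is that the corruption report never returns to its caller. The description says so, but the code that guarantees it is not part of this diff. Since this is a cherry-pick, confirm that the target branch already carries the change making heap-corruption reports abort unconditionally; without it the allocator would keep operating on known-bad chunk lists. A short comment at the top of mtrim, for example `/* Detected heap corruption aborts the process, so AV is never a known-corrupt arena here.  */`, would keep that dependency visible. Any out-of-view user of `set_arena_corrupt` or `arena_is_corrupt` will now fail to compile, so a build of the branch doubles as a check that no caller was missed.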