AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-22 13:00:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

malloc: Fix a potential realloc issue with memory tagging

Browse Source 
At an _int_free call site in realloc the wrong size was used for tag
clearing: the chunk header of the next chunk was also cleared which
in practice may work, but logically wrong.

The tag clearing is moved before the memcpy to save a tag computation,
this avoids a chunk2mem.  Another chunk2mem is removed because newmem
does not have to be recomputed. Whitespaces got fixed too.

Reviewed-by: DJ Delorie <dj@redhat.com>
This commit is contained in:
Szabolcs Nagy 2021-03-11 14:09:56 +00:00
parent 42cc96066b
commit 8ae909a533
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
malloc/malloc.c
View File

@ -4851,14 +4851,14 @@ _int_realloc(mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize,
}
else
{
void *oldmem = chunk2mem (oldp);
void *oldmem = chunk2rawmem (oldp);
size_t sz = CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ;
(void) TAG_REGION (oldmem, sz);
newmem = TAG_NEW_USABLE (newmem);
memcpy (newmem, oldmem,
CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ);
(void) TAG_REGION (chunk2rawmem (oldp), oldsize);
_int_free (av, oldp, 1);
check_inuse_chunk (av, newp);
return chunk2mem (newp);
memcpy (newmem, oldmem, sz);
_int_free (av, oldp, 1);
check_inuse_chunk (av, newp);
return newmem;
}
}
}