mirror of
https://sourceware.org/git/glibc.git
synced 2024-12-29 05:51:10 +00:00
83d13972f2
With gcc 13.1 with --enable-fortify-source=2, tst-tcfree3 fails to build on csky-linux-gnuabiv2 with: ../string/bits/string_fortified.h: In function ‘do_test’: ../string/bits/string_fortified.h:26:8: error: inlining failed in call to ‘always_inline’ ‘memcpy’: target specific option mismatch 26 | __NTH (memcpy (void *__restrict __dest, const void *__restrict __src, | ^~~~~~ ../misc/sys/cdefs.h:81:62: note: in definition of macro ‘__NTH’ 81 | # define __NTH(fct) __attribute__ ((__nothrow__ __LEAF)) fct | ^~~ tst-tcfree3.c:45:3: note: called from here 45 | memcpy (c, a, 32); | ^~~~~~~~~~~~~~~~~ Instead of relying on -O0 to avoid malloc/free to be optimized away, disable the builtin. Reviewed-by: DJ Delorie <dj@redhat.com>
54 lines
1.8 KiB
C
54 lines
1.8 KiB
C
/* Test that malloc tcache catches double free.
|
|
Copyright (C) 2018-2023 Free Software Foundation, Inc.
|
|
This file is part of the GNU C Library.
|
|
|
|
The GNU C Library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Lesser General Public
|
|
License as published by the Free Software Foundation; either
|
|
version 2.1 of the License, or (at your option) any later version.
|
|
|
|
The GNU C Library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public
|
|
License along with the GNU C Library; if not, see
|
|
<https://www.gnu.org/licenses/>. */
|
|
|
|
#include <malloc.h>
|
|
#include <string.h>
|
|
|
|
static int
|
|
do_test (void)
|
|
{
|
|
/* Do two allocation of any size that fit in tcache, and one that
|
|
doesn't. */
|
|
int ** volatile a = malloc (32);
|
|
int ** volatile b = malloc (32);
|
|
/* This is just under the mmap threshold. */
|
|
int ** volatile c = malloc (127 * 1024);
|
|
|
|
/* The invalid "tcache bucket" we might dereference will likely end
|
|
up somewhere within this memory block, so make all the accidental
|
|
"next" pointers cause segfaults. BZ #23907. */
|
|
memset (c, 0xff, 127 * 1024);
|
|
|
|
free (a); // puts in tcache
|
|
|
|
/* A is now free and contains the key we use to detect in-tcache.
|
|
Copy the key to the other chunks. */
|
|
memcpy (b, a, 32);
|
|
memcpy (c, a, 32);
|
|
|
|
/* This free tests the "are we in the tcache already" loop with a
|
|
VALID bin but "coincidental" matching key. */
|
|
free (b); // should NOT abort
|
|
/* This free tests the "is it a valid tcache bin" test. */
|
|
free (c); // should NOT abort
|
|
|
|
return 0;
|
|
}
|
|
|
|
#include <support/test-driver.c>
|