summaryrefslogtreecommitdiff
path: root/malloc
diff options
context:
space:
mode:
authorSiddhesh Poyarekar <siddhesh@redhat.com>2012-09-05 21:49:00 +0530
committerSiddhesh Poyarekar <siddhesh@redhat.com>2012-09-05 21:49:30 +0530
commit6ef9cc37f0ea151a54e5c8a19950a6d5b6ff8a96 (patch)
tree7dfbbb3bbdde79ba6bc06a209102c988c53e6e1c /malloc
parent4d038ae3163aba04218b05f3983473b25c943b8b (diff)
downloadglibc-6ef9cc37f0ea151a54e5c8a19950a6d5b6ff8a96.tar.gz
Return requested size for malloc_usable_size when MALLOC_CHECK_ > 0
[BZ #1349] malloc_usable_size returns the usable size in an allocated chunk, which may be >= the requested size. In the case of MALLOC_CHECK_ being exported to > 0 however, only the requested size is usable, since a magic value is written at the end of the request size to trap writes beyond request bounds. Hence, when MALLOC_CHECK_ is exported to > 0, malloc_usable_size() should return the request size.
Diffstat (limited to 'malloc')
-rw-r--r--malloc/Makefile6
-rw-r--r--malloc/hooks.c31
-rw-r--r--malloc/malloc.c5
-rw-r--r--malloc/tst-malloc-usable.c49
4 files changed, 86 insertions, 5 deletions
diff --git a/malloc/Makefile b/malloc/Makefile
index 5d6d716a78..55c675b2cd 100644
--- a/malloc/Makefile
+++ b/malloc/Makefile
@@ -1,5 +1,4 @@
-# Copyright (C) 1991-2003, 2005, 2006, 2007, 2009, 2011, 2012
-# Free Software Foundation, Inc.
+# Copyright (C) 1991-2012 Free Software Foundation, Inc.
# This file is part of the GNU C Library.
# The GNU C Library is free software; you can redistribute it and/or
@@ -26,7 +25,7 @@ all:
dist-headers := malloc.h
headers := $(dist-headers) obstack.h mcheck.h
tests := mallocbug tst-malloc tst-valloc tst-calloc tst-obstack \
- tst-mallocstate tst-mcheck tst-mallocfork tst-trim1
+ tst-mallocstate tst-mcheck tst-mallocfork tst-trim1 tst-malloc-usable
test-srcs = tst-mtrace
routines = malloc morecore mcheck mtrace obstack
@@ -116,6 +115,7 @@ endif
endif
tst-mcheck-ENV = MALLOC_CHECK_=3
+tst-malloc-usable-ENV = MALLOC_CHECK_=3
CPPFLAGS-malloc.c += -DPER_THREAD
# Uncomment this for test releases. For public releases it is too expensive.
diff --git a/malloc/hooks.c b/malloc/hooks.c
index 8a34c78488..b38dffbdf6 100644
--- a/malloc/hooks.c
+++ b/malloc/hooks.c
@@ -1,5 +1,5 @@
/* Malloc implementation for multiple threads without lock contention.
- Copyright (C) 2001-2009, 2011, 2012 Free Software Foundation, Inc.
+ Copyright (C) 2001-2012 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Wolfram Gloger <wg@malloc.de>, 2001.
@@ -89,6 +89,35 @@ __malloc_check_init()
#define MAGICBYTE(p) ( ( ((size_t)p >> 3) ^ ((size_t)p >> 11)) & 0xFF )
+/* Visualize the chunk as being partitioned into blocks of 256 bytes from the
+ highest address of the chunk, downwards. The beginning of each block tells
+ us the size of the previous block, up to the actual size of the requested
+ memory. Our magic byte is right at the end of the requested size, so we
+ must reach it with this iteration, otherwise we have witnessed a memory
+ corruption. */
+static size_t
+malloc_check_get_size(mchunkptr p)
+{
+ size_t size;
+ unsigned char c;
+ unsigned char magic = MAGICBYTE(p);
+
+ assert(using_malloc_checking == 1);
+
+ for (size = chunksize(p) - 1 + (chunk_is_mmapped(p) ? 0 : SIZE_SZ);
+ (c = ((unsigned char*)p)[size]) != magic;
+ size -= c) {
+ if(c<=0 || size<(c+2*SIZE_SZ)) {
+ malloc_printerr(check_action, "malloc_check_get_size: memory corruption",
+ chunk2mem(p));
+ return 0;
+ }
+ }
+
+ /* chunk2mem size. */
+ return size - 2*SIZE_SZ;
+}
+
/* Instrument a chunk with overrun detector byte(s) and convert it
into a user pointer with requested size sz. */
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 0f1796c913..bd562df959 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -1,5 +1,5 @@
/* Malloc implementation for multiple threads without lock contention.
- Copyright (C) 1996-2009, 2010, 2011, 2012 Free Software Foundation, Inc.
+ Copyright (C) 1996-2012 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Wolfram Gloger <wg@malloc.de>
and Doug Lea <dl@cs.oswego.edu>, 2001.
@@ -4563,6 +4563,9 @@ musable(void* mem)
mchunkptr p;
if (mem != 0) {
p = mem2chunk(mem);
+
+ if (__builtin_expect(using_malloc_checking == 1, 0))
+ return malloc_check_get_size(p);
if (chunk_is_mmapped(p))
return chunksize(p) - 2*SIZE_SZ;
else if (inuse(p))
diff --git a/malloc/tst-malloc-usable.c b/malloc/tst-malloc-usable.c
new file mode 100644
index 0000000000..18decd852c
--- /dev/null
+++ b/malloc/tst-malloc-usable.c
@@ -0,0 +1,49 @@
+/* Ensure that malloc_usable_size returns the request size with
+ MALLOC_CHECK_ exported to a positive value.
+
+ Copyright (C) 2012 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <malloc.h>
+#include <string.h>
+#include <stdio.h>
+
+static int
+do_test (void)
+{
+ size_t usable_size;
+ void *p = malloc (7);
+ if (!p)
+ {
+ printf ("memory allocation failed\n");
+ return 1;
+ }
+
+ usable_size = malloc_usable_size (p);
+ if (usable_size != 7)
+ {
+ printf ("malloc_usable_size: expected 7 but got %zu\n", usable_size);
+ return 1;
+ }
+
+ memset (p, 0, usable_size);
+ free (p);
+ return 0;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"