lib/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-07-30 22:43:12 +03:00
Code Activity

malloc: Fix a potential realloc issue with memory tagging

Browse Source 
At an _int_free call site in realloc the wrong size was used for tag
clearing: the chunk header of the next chunk was also cleared which
in practice may work, but logically wrong.

The tag clearing is moved before the memcpy to save a tag computation,
this avoids a chunk2mem.  Another chunk2mem is removed because newmem
does not have to be recomputed. Whitespaces got fixed too.

Reviewed-by: DJ Delorie <dj@redhat.com>
This commit is contained in:
Szabolcs Nagy
2021-03-11 14:09:56 +00:00
parent 42cc96066b
commit 8ae909a533
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
malloc/malloc.c
View File

@ -4851,14 +4851,14 @@ _int_realloc(mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize,
} }
else else
{ {
void *oldmem = chunk2mem (oldp); void *oldmem = chunk2rawmem (oldp);
size_t sz = CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ;
(void) TAG_REGION (oldmem, sz);
newmem = TAG_NEW_USABLE (newmem); newmem = TAG_NEW_USABLE (newmem);
memcpy (newmem, oldmem, memcpy (newmem, oldmem, sz);
CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ); _int_free (av, oldp, 1);
(void) TAG_REGION (chunk2rawmem (oldp), oldsize); check_inuse_chunk (av, newp);
_int_free (av, oldp, 1); return newmem;
check_inuse_chunk (av, newp);
return chunk2mem (newp);
} }
} }
} }