mirror of
https://sourceware.org/git/glibc.git
synced 2025-07-29 11:41:21 +03:00
Fix for test "malloc_usable_size: expected 7 but got 11"
[BZ #17581] Revert this fix while investigating a problem.
This commit is contained in:
James Lemke
@ -1,3 +1,11 @@
|
|||||||
|
2014-12-11 James Lemke <jwlemke@codesourcery.com>
|
||||||
|
|
||||||
|
[BZ #17581]
|
||||||
|
* malloc/hooks.c
|
||||||
|
(mem2mem_check): Revert my previous change.
|
||||||
|
(malloc_check_get_size): Revert my previous change.
|
||||||
|
(mem2chunk_check): Revert my previous change.
|
||||||
|
|
||||||
2014-12-11 Roland McGrath <roland@hack.frob.com>
|
2014-12-11 Roland McGrath <roland@hack.frob.com>
|
||||||
|
|
||||||
* sysdeps/posix/shm-directory.c: New file.
|
* sysdeps/posix/shm-directory.c: New file.
|
||||||
|
|||||||
@ -90,36 +90,32 @@ __malloc_check_init (void)
|
|||||||
|
|
||||||
#define MAGICBYTE(p) ((((size_t) p >> 3) ^ ((size_t) p >> 11)) & 0xFF)
|
#define MAGICBYTE(p) ((((size_t) p >> 3) ^ ((size_t) p >> 11)) & 0xFF)
|
||||||
|
|
||||||
/* Visualize the chunk as being partitioned into blocks of 255 bytes from the
|
/* Visualize the chunk as being partitioned into blocks of 256 bytes from the
|
||||||
highest address of the chunk, downwards. The end of each block tells us
|
highest address of the chunk, downwards. The beginning of each block tells
|
||||||
the size of that block, up to the actual size of the requested memory.
|
us the size of the previous block, up to the actual size of the requested
|
||||||
The last block has a length of zero and is followed by the magic byte.
|
memory. Our magic byte is right at the end of the requested size, so we
|
||||||
Our magic byte is right at the end of the requested size. If we don't
|
must reach it with this iteration, otherwise we have witnessed a memory
|
||||||
reach it with this iteration we have witnessed a memory corruption. */
|
corruption. */
|
||||||
static size_t
|
static size_t
|
||||||
malloc_check_get_size (mchunkptr p)
|
malloc_check_get_size (mchunkptr p)
|
||||||
{
|
{
|
||||||
size_t total_sz, size;
|
size_t size;
|
||||||
unsigned char c;
|
unsigned char c;
|
||||||
unsigned char magic = MAGICBYTE (p);
|
unsigned char magic = MAGICBYTE (p);
|
||||||
|
|
||||||
assert (using_malloc_checking == 1);
|
assert (using_malloc_checking == 1);
|
||||||
|
|
||||||
/* Validate the length-byte chain. */
|
for (size = chunksize (p) - 1 + (chunk_is_mmapped (p) ? 0 : SIZE_SZ);
|
||||||
total_sz = chunksize (p) + (chunk_is_mmapped (p) ? 0 : SIZE_SZ);
|
(c = ((unsigned char *) p)[size]) != magic;
|
||||||
for (size = total_sz - 1;
|
|
||||||
(c = ((unsigned char *) p)[size]) != 0;
|
|
||||||
size -= c)
|
size -= c)
|
||||||
{
|
{
|
||||||
if (size <= c + 2 * SIZE_SZ)
|
if (c <= 0 || size < (c + 2 * SIZE_SZ))
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (c != 0 || ((unsigned char *) p)[--size] != magic)
|
|
||||||
{
|
{
|
||||||
malloc_printerr (check_action, "malloc_check_get_size: memory corruption",
|
malloc_printerr (check_action, "malloc_check_get_size: memory corruption",
|
||||||
chunk2mem (p));
|
chunk2mem (p));
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* chunk2mem size. */
|
/* chunk2mem size. */
|
||||||
return size - 2 * SIZE_SZ;
|
return size - 2 * SIZE_SZ;
|
||||||
@ -134,25 +130,23 @@ mem2mem_check (void *ptr, size_t sz)
|
|||||||
{
|
{
|
||||||
mchunkptr p;
|
mchunkptr p;
|
||||||
unsigned char *m_ptr = ptr;
|
unsigned char *m_ptr = ptr;
|
||||||
size_t user_sz, block_sz, i;
|
size_t i;
|
||||||
|
|
||||||
if (!ptr)
|
if (!ptr)
|
||||||
return ptr;
|
return ptr;
|
||||||
|
|
||||||
p = mem2chunk (ptr);
|
p = mem2chunk (ptr);
|
||||||
user_sz = chunksize (p) + (chunk_is_mmapped (p) ? 0 : SIZE_SZ);
|
for (i = chunksize (p) - (chunk_is_mmapped (p) ? 2 * SIZE_SZ + 1 : SIZE_SZ + 1);
|
||||||
user_sz -= 2 * SIZE_SZ;
|
i > sz;
|
||||||
for (i = user_sz - 1; i > sz; i -= block_sz)
|
i -= 0xFF)
|
||||||
{
|
{
|
||||||
block_sz = i - (sz + 1);
|
if (i - sz < 0x100)
|
||||||
if (block_sz > 0xff)
|
{
|
||||||
block_sz = 0xff;
|
m_ptr[i] = (unsigned char) (i - sz);
|
||||||
|
|
||||||
m_ptr[i] = (unsigned char) block_sz;
|
|
||||||
|
|
||||||
if (block_sz == 0)
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
m_ptr[i] = 0xFF;
|
||||||
|
}
|
||||||
m_ptr[sz] = MAGICBYTE (p);
|
m_ptr[sz] = MAGICBYTE (p);
|
||||||
return (void *) m_ptr;
|
return (void *) m_ptr;
|
||||||
}
|
}
|
||||||
@ -172,12 +166,11 @@ mem2chunk_check (void *mem, unsigned char **magic_p)
|
|||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
p = mem2chunk (mem);
|
p = mem2chunk (mem);
|
||||||
sz = chunksize (p);
|
|
||||||
magic = MAGICBYTE (p);
|
|
||||||
if (!chunk_is_mmapped (p))
|
if (!chunk_is_mmapped (p))
|
||||||
{
|
{
|
||||||
/* Must be a chunk in conventional heap memory. */
|
/* Must be a chunk in conventional heap memory. */
|
||||||
int contig = contiguous (&main_arena);
|
int contig = contiguous (&main_arena);
|
||||||
|
sz = chunksize (p);
|
||||||
if ((contig &&
|
if ((contig &&
|
||||||
((char *) p < mp_.sbrk_base ||
|
((char *) p < mp_.sbrk_base ||
|
||||||
((char *) p + sz) >= (mp_.sbrk_base + main_arena.system_mem))) ||
|
((char *) p + sz) >= (mp_.sbrk_base + main_arena.system_mem))) ||
|
||||||
@ -187,14 +180,13 @@ mem2chunk_check (void *mem, unsigned char **magic_p)
|
|||||||
next_chunk (prev_chunk (p)) != p)))
|
next_chunk (prev_chunk (p)) != p)))
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
for (sz += SIZE_SZ - 1; (c = ((unsigned char *) p)[sz]) != 0; sz -= c)
|
magic = MAGICBYTE (p);
|
||||||
|
for (sz += SIZE_SZ - 1; (c = ((unsigned char *) p)[sz]) != magic; sz -= c)
|
||||||
{
|
{
|
||||||
if (sz <= c + 2 * SIZE_SZ)
|
if (c <= 0 || sz < (c + 2 * SIZE_SZ))
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (c != 0 || ((unsigned char *) p)[--sz] != magic)
|
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
unsigned long offset, page_mask = GLRO (dl_pagesize) - 1;
|
unsigned long offset, page_mask = GLRO (dl_pagesize) - 1;
|
||||||
@ -209,17 +201,16 @@ mem2chunk_check (void *mem, unsigned char **magic_p)
|
|||||||
offset < 0x2000) ||
|
offset < 0x2000) ||
|
||||||
!chunk_is_mmapped (p) || (p->size & PREV_INUSE) ||
|
!chunk_is_mmapped (p) || (p->size & PREV_INUSE) ||
|
||||||
((((unsigned long) p - p->prev_size) & page_mask) != 0) ||
|
((((unsigned long) p - p->prev_size) & page_mask) != 0) ||
|
||||||
((p->prev_size + sz) & page_mask) != 0)
|
((sz = chunksize (p)), ((p->prev_size + sz) & page_mask) != 0))
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
for (sz -= 1; (c = ((unsigned char *) p)[sz]) != 0; sz -= c)
|
magic = MAGICBYTE (p);
|
||||||
|
for (sz -= 1; (c = ((unsigned char *) p)[sz]) != magic; sz -= c)
|
||||||
{
|
{
|
||||||
if (sz <= c + 2 * SIZE_SZ)
|
if (c <= 0 || sz < (c + 2 * SIZE_SZ))
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (c != 0 || ((unsigned char *) p)[--sz] != magic)
|
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
((unsigned char *) p)[sz] ^= 0xFF;
|
((unsigned char *) p)[sz] ^= 0xFF;
|
||||||
if (magic_p)
|
if (magic_p)
|
||||||
*magic_p = (unsigned char *) p + sz;
|
*magic_p = (unsigned char *) p + sz;
|
||||||
|
|||||||
Reference in New Issue
Block a user