powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1049 Commits
1 Branch
0 Tags
390 MiB
 
 
 
 
 
 
Tree: 6441ca8477
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6441ca8477'
${ noResults }
base/SOURCES/glibc-rh1662842.patch

68 lines
2.1 KiB
Raw Blame History

commit b50dd3bc8cbb1efe85399b03d7e6c0310c2ead84
Author: Florian Weimer <fw@deneb.enyo.de>
Date: Mon Dec 31 22:04:36 2018 +0100
malloc: Always call memcpy in _int_realloc [BZ #24027]
This commit removes the custom memcpy implementation from _int_realloc
for small chunk sizes. The ncopies variable has the wrong type, and
an integer wraparound could cause the existing code to copy too few
elements (leaving the new memory region mostly uninitialized).
Therefore, removing this code fixes bug 24027.
diff -rup a/malloc/malloc.c b/malloc/malloc.c
--- a/malloc/malloc.c 2019-03-26 14:12:59.364333388 -0400
+++ b/malloc/malloc.c 2019-03-26 14:17:17.373475418 -0400
@@ -4214,11 +4214,6 @@ _int_realloc(mstate av, mchunkptr oldp,
mchunkptr bck; /* misc temp for linking */
mchunkptr fwd; /* misc temp for linking */
- unsigned long copysize; /* bytes to copy */
- unsigned int ncopies; /* INTERNAL_SIZE_T words to copy */
- INTERNAL_SIZE_T* s; /* copy source */
- INTERNAL_SIZE_T* d; /* copy destination */
-
const char *errstr = NULL;
/* oldmem size */
@@ -4291,39 +4286,7 @@ _int_realloc(mstate av, mchunkptr oldp,
newp = oldp;
}
else {
- /*
- Unroll copy of <= 36 bytes (72 if 8byte sizes)
- We know that contents have an odd number of
- INTERNAL_SIZE_T-sized words; minimally 3.
- */
-
- copysize = oldsize - SIZE_SZ;
- s = (INTERNAL_SIZE_T*)(chunk2mem(oldp));
- d = (INTERNAL_SIZE_T*)(newmem);
- ncopies = copysize / sizeof(INTERNAL_SIZE_T);
- assert(ncopies >= 3);
-
- if (ncopies > 9)
- MALLOC_COPY(d, s, copysize);
-
- else {
- *(d+0) = *(s+0);
- *(d+1) = *(s+1);
- *(d+2) = *(s+2);
- if (ncopies > 4) {
- *(d+3) = *(s+3);
- *(d+4) = *(s+4);
- if (ncopies > 6) {
- *(d+5) = *(s+5);
- *(d+6) = *(s+6);
- if (ncopies > 8) {
- *(d+7) = *(s+7);
- *(d+8) = *(s+8);
- }
- }
- }
- }
-
+ memcpy (newmem, chunk2mem (oldp), oldsize - SIZE_SZ);
_int_free(av, oldp, 1);
check_inuse_chunk(av, newp);
return chunk2mem(newp);