From patchwork Tue Nov 7 15:27:08 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Istvan Kurucsai X-Patchwork-Id: 835333 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=sourceware.org (client-ip=209.132.180.131; helo=sourceware.org; envelope-from=libc-alpha-return-86858-incoming=patchwork.ozlabs.org@sourceware.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.b="N9P2vhm/"; dkim-atps=neutral Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3yWYGj56lTz9t2M for ; Wed, 8 Nov 2017 02:28:13 +1100 (AEDT) DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:cc:subject:date:message-id:in-reply-to :references; q=dns; s=default; b=ElikaLv8BLDLRH/dnP3C8pOYxjTV7cz pY6w+Zm3bkdx6UcHFEHbsYK4T2L24S4qAAa7OXyiajBl4iOlw21L7y/3exn7/PPa gHqoog7AotQxdUjDbbkZqh748KiYL5Zl/5G4x9wvFr4+gpJVsK1Ma7Iqp80X0kG4 +Fi05omHypMY= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:cc:subject:date:message-id:in-reply-to :references; s=default; bh=L7e/5y1PsL/uGiJgurEh5TkdYm8=; b=N9P2v hm/JqkbR3nu9n51gPOBnQZu2PrC10DApV9vyqJ0Xy739z1naGzYysS/7EwqHdDP4 ooDbO9nFwOW8UjFfDxrlAOfO+eCe+fSgA9hDHHi9TTFraCcimWQ7M8VgGnc7uLzw tPIEMcCbwG8P+jKphp4aowQMBRmgrc5I+GvJPE= Received: (qmail 70688 invoked by alias); 7 Nov 2017 15:27:30 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 70566 invoked by uid 89); 7 Nov 2017 15:27:29 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-25.9 required=5.0 tests=AWL, BAYES_00, FREEMAIL_FROM, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_SPAM, SPF_PASS autolearn=ham version=3.3.2 spammy=Hx-spam-relays-external:74.125.82.68, H*RU:74.125.82.68, integrity, Hx-languages-length:947 X-HELO: mail-wm0-f68.google.com X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Shmjoh1OZgsIvcbJ4DjHiCeF2oxO+JolVnM2alFOUGw=; b=Hh44L51lrOTah0ZBkpnghqfskxEzlmOJpr/URTMCqqUTtcp039pbbbsNDSnwPqN+Ik 7HPzQtytmyaSRx//vRGWP80IM2HcOQ8IDKisUORgOcsLl710h84RiDOJAsSFGV/LiJ80 uP4mkTvw4SumpfCVEacdPHMAwxD4hQhRTFB4Iazj/8j7S1TYmIiTfyfVuArtU0updml5 1W7pC7CrcJu0GjO3icufvQlQmNRdPCxaTtvwXjeCcWoAznC3ve5HYhqAcRgj5mSFANGy jU00hDMSxOqHsf++J+QYQytNWiJqN4/ExG4OqWDXPAEHVOzDWBWhwva/64QrRrDzbZEK ZYFw== X-Gm-Message-State: AJaThX6gOo/O1RBysI89P/9/EQWM26l4YCejQ44GV5UgqcOMNtsQy+tD BD9uzvXmep2DwNjliC0gu+OaC0qZ X-Google-Smtp-Source: ABhQp+QWK1p8YF1Ytw4ucGVWxsvlL1alp+/HjdBMAujWK7x95/rQxM3ofFL6IMPDeEGfnayF5ZjkWQ== X-Received: by 10.28.211.213 with SMTP id k204mr1554006wmg.68.1510068446501; Tue, 07 Nov 2017 07:27:26 -0800 (PST) From: Istvan Kurucsai To: libc-alpha@sourceware.org Cc: Istvan Kurucsai Subject: [PATCH v2 5/7] malloc: Verify the integrity of mmapped chunks in calloc. Date: Tue, 7 Nov 2017 16:27:08 +0100 Message-Id: <1510068430-27816-6-git-send-email-pistukem@gmail.com> In-Reply-To: <1510068430-27816-1-git-send-email-pistukem@gmail.com> References: <1510068430-27816-1-git-send-email-pistukem@gmail.com> * malloc/malloc.c (__libc_calloc): Check mmapped chunks. --- malloc/malloc.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/malloc/malloc.c b/malloc/malloc.c index 8e48952..5eb661e 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -3447,6 +3447,15 @@ __libc_calloc (size_t n, size_t elem_size) /* Two optional cases in which clearing not necessary */ if (chunk_is_mmapped (p)) { + size_t pagesize = GLRO (dl_pagesize); + INTERNAL_SIZE_T offset = prev_size (p); + INTERNAL_SIZE_T size = chunksize (p); + uintptr_t block = (uintptr_t) p - offset; + size_t total_size = offset + size; + if (__glibc_unlikely ((block | total_size) & (pagesize - 1)) != 0 + || __glibc_unlikely (!powerof2 ((uintptr_t) mem & (pagesize - 1)))) + malloc_printerr ("calloc(): invalid mmapped chunk"); + if (__builtin_expect (perturb_byte, 0)) return memset (mem, 0, sz);