From patchwork Wed Mar 18 10:44:50 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zhiqiang Zhang X-Patchwork-Id: 451358 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from whitealder.osuosl.org (whitealder.osuosl.org [140.211.166.138]) by ozlabs.org (Postfix) with ESMTP id 11E8614009B for ; Wed, 18 Mar 2015 21:46:18 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id E3B0891D65; Wed, 18 Mar 2015 10:46:17 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lRfW8On2PFSM; Wed, 18 Mar 2015 10:46:15 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id C6BB491D79; Wed, 18 Mar 2015 10:46:14 +0000 (UTC) X-Original-To: uclibc@lists.busybox.net Delivered-To: uclibc@osuosl.org Received: from hemlock.osuosl.org (hemlock.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id 739571C24FE for ; Wed, 18 Mar 2015 10:46:14 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 711868B3C5 for ; Wed, 18 Mar 2015 10:46:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y7acZyu-fMSn for ; Wed, 18 Mar 2015 10:46:11 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from szxga03-in.huawei.com (szxga03-in.huawei.com [119.145.14.66]) by hemlock.osuosl.org (Postfix) with ESMTPS id 565DF8A343 for ; Wed, 18 Mar 2015 10:46:11 +0000 (UTC) Received: from 172.24.2.119 (EHLO szxeml430-hub.china.huawei.com) ([172.24.2.119]) by szxrg03-dlp.huawei.com (MOS 4.4.3-GA FastPath queued) with ESMTP id BDH39362; Wed, 18 Mar 2015 18:46:08 +0800 (CST) Received: from kernel-host.huawei (10.107.197.247) by szxeml430-hub.china.huawei.com (10.82.67.185) with Microsoft SMTP Server id 14.3.158.1; Wed, 18 Mar 2015 18:45:57 +0800 From: Zhiqiang Zhang To: Subject: [RFC][PATCH] malloc:checked_request2size fail will let malloc futex locked Date: Wed, 18 Mar 2015 18:44:50 +0800 Message-ID: <1426675490-52899-1-git-send-email-zhangzhiqiang.zhang@huawei.com> X-Mailer: git-send-email 1.9.0 MIME-Version: 1.0 X-Originating-IP: [10.107.197.247] X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020204.55095770.0172, ss=1, re=0.001, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2013-05-26 15:14:31, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: cd82f23fd305ec51de643811081b5ec5 Cc: weiwei71@huawei.com X-BeenThere: uclibc@uclibc.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion and development of uClibc \(the embedded C library\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: uclibc-bounces@uclibc.org Sender: "uClibc" For some rarely cases(almost App bugs), calling malloc with a very largre size, checked_request2size check will fail,set ENOMEM, and return 0 to caller. But this will let __malloc_lock futex locked and owned by the caller. In multithread circumstance, other thread calling malloc/calloc will NOT succeed and get locked. ---------------------------------------- Signed-off-by: Zhiqiang Zhang --- libc/stdlib/malloc-standard/malloc.c | 5 +++-- libc/stdlib/malloc-standard/memalign.c | 2 +- libc/stdlib/malloc-standard/realloc.c | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/libc/stdlib/malloc-standard/malloc.c b/libc/stdlib/malloc-standard/malloc.c index 2abb5bb..fd33b50 100644 --- a/libc/stdlib/malloc-standard/malloc.c +++ b/libc/stdlib/malloc-standard/malloc.c @@ -832,8 +832,6 @@ void* malloc(size_t bytes) } #endif - __MALLOC_LOCK; - av = get_malloc_state(); /* Convert request size to internal form by adding (sizeof(size_t)) bytes overhead plus possibly more to obtain necessary alignment and/or @@ -845,6 +843,9 @@ void* malloc(size_t bytes) checked_request2size(bytes, nb); + __MALLOC_LOCK; + av = get_malloc_state(); + /* Bypass search if no frees yet */ diff --git a/libc/stdlib/malloc-standard/memalign.c b/libc/stdlib/malloc-standard/memalign.c index 6303c1d..e9ae5a7 100644 --- a/libc/stdlib/malloc-standard/memalign.c +++ b/libc/stdlib/malloc-standard/memalign.c @@ -52,8 +52,8 @@ void* memalign(size_t alignment, size_t bytes) alignment = a; } - __MALLOC_LOCK; checked_request2size(bytes, nb); + __MALLOC_LOCK; /* Strategy: find a spot within that chunk that meets the alignment * request, and then possibly free the leading and trailing space. */ diff --git a/libc/stdlib/malloc-standard/realloc.c b/libc/stdlib/malloc-standard/realloc.c index e060b70..e49d111 100644 --- a/libc/stdlib/malloc-standard/realloc.c +++ b/libc/stdlib/malloc-standard/realloc.c @@ -54,9 +54,9 @@ void* realloc(void* oldmem, size_t bytes) return NULL; } + checked_request2size(bytes, nb); __MALLOC_LOCK; av = get_malloc_state(); - checked_request2size(bytes, nb); oldp = mem2chunk(oldmem); oldsize = chunksize(oldp);