diff options
author | Rich Felker <dalias@aerifal.cx> | 2015-06-22 18:50:09 +0000 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2015-06-22 18:50:09 +0000 |
commit | ba819787ee93ceae94efd274f7849e317c1bff58 (patch) | |
tree | 0de9857d6e6567934f23ffe1eb17ed4cee448d21 /src | |
parent | 55d061f031085f24d138664c897791aebe9a2fab (diff) | |
download | musl-ba819787ee93ceae94efd274f7849e317c1bff58.tar.gz musl-ba819787ee93ceae94efd274f7849e317c1bff58.tar.bz2 musl-ba819787ee93ceae94efd274f7849e317c1bff58.tar.xz musl-ba819787ee93ceae94efd274f7849e317c1bff58.zip |
fix calloc when __simple_malloc implementation is used
previously, calloc's implementation encoded assumptions about the
implementation of malloc, accessing a size_t word just prior to the
allocated memory to determine if it was obtained by mmap to optimize
out the zero-filling. when __simple_malloc is used (static linking a
program with no realloc/free), it doesn't matter if the result of this
check is wrong, since all allocations are zero-initialized anyway. but
the access could be invalid if it crosses a page boundary or if the
pointer is not sufficiently aligned, which can happen for very small
allocations.
this patch fixes the issue by moving the zero-fill logic into malloc.c
with the full malloc, as a new function named __malloc0, which is
provided by a weak alias to __simple_malloc (which always gives
zero-filled memory) when the full malloc is not in use.
Diffstat (limited to 'src')
-rw-r--r-- | src/malloc/calloc.c | 15 | ||||
-rw-r--r-- | src/malloc/lite_malloc.c | 1 | ||||
-rw-r--r-- | src/malloc/malloc.c | 11 |
3 files changed, 15 insertions, 12 deletions
diff --git a/src/malloc/calloc.c b/src/malloc/calloc.c index c3dfb473..436c0b03 100644 --- a/src/malloc/calloc.c +++ b/src/malloc/calloc.c @@ -1,22 +1,13 @@ #include <stdlib.h> #include <errno.h> +void *__malloc0(size_t); + void *calloc(size_t m, size_t n) { - void *p; - size_t *z; if (n && m > (size_t)-1/n) { errno = ENOMEM; return 0; } - n *= m; - p = malloc(n); - if (!p) return 0; - /* Only do this for non-mmapped chunks */ - if (((size_t *)p)[-1] & 7) { - /* Only write words that are not already zero */ - m = (n + sizeof *z - 1)/sizeof *z; - for (z=p; m; m--, z++) if (*z) *z=0; - } - return p; + return __malloc0(n * m); } diff --git a/src/malloc/lite_malloc.c b/src/malloc/lite_malloc.c index 008549d6..b09f30b0 100644 --- a/src/malloc/lite_malloc.c +++ b/src/malloc/lite_malloc.c @@ -47,3 +47,4 @@ void *__simple_malloc(size_t n) } weak_alias(__simple_malloc, malloc); +weak_alias(__simple_malloc, malloc0); diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c index 290fda1c..eb68d554 100644 --- a/src/malloc/malloc.c +++ b/src/malloc/malloc.c @@ -356,6 +356,17 @@ void *malloc(size_t n) return CHUNK_TO_MEM(c); } +void *__malloc0(size_t n) +{ + void *p = malloc(n); + if (p && !IS_MMAPPED(MEM_TO_CHUNK(p))) { + size_t *z; + n = (n + sizeof *z - 1)/sizeof *z; + for (z=p; n; n--, z++) if (*z) *z=0; + } + return p; +} + void *realloc(void *p, size_t n) { struct chunk *self, *next; |