forked from rpms/glibc
36 lines
1.2 KiB
Diff
36 lines
1.2 KiB
Diff
|
From b9cde4e3aa1ff338da7064daf1386b2f4a7351ba Mon Sep 17 00:00:00 2001
|
||
|
From: DJ Delorie <dj@redhat.com>
|
||
|
Date: Sat, 4 Apr 2020 01:44:56 -0400
|
||
|
Subject: malloc: ensure set_max_fast never stores zero [BZ #25733]
|
||
|
|
||
|
The code for set_max_fast() stores an "impossibly small value"
|
||
|
instead of zero, when the parameter is zero. However, for
|
||
|
small values of the parameter (ex: 1 or 2) the computation
|
||
|
results in a zero being stored anyway.
|
||
|
|
||
|
This patch checks for the parameter being small enough for the
|
||
|
computation to result in zero instead, so that a zero is never
|
||
|
stored.
|
||
|
|
||
|
key values which result in zero being stored:
|
||
|
|
||
|
x86-64: 1..7 (or other 64-bit)
|
||
|
i686: 1..11
|
||
|
armhfp: 1..3 (or other 32-bit)
|
||
|
|
||
|
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
||
|
|
||
|
diff --git a/malloc/malloc.c b/malloc/malloc.c
|
||
|
index 6acb5ad43a..ee87ddbbf9 100644
|
||
|
--- a/malloc/malloc.c
|
||
|
+++ b/malloc/malloc.c
|
||
|
@@ -1632,7 +1632,7 @@ static INTERNAL_SIZE_T global_max_fast;
|
||
|
*/
|
||
|
|
||
|
#define set_max_fast(s) \
|
||
|
- global_max_fast = (((s) == 0) \
|
||
|
+ global_max_fast = (((size_t) (s) <= MALLOC_ALIGN_MASK - SIZE_SZ) \
|
||
|
? MIN_CHUNK_SIZE / 2 : ((s + SIZE_SZ) & ~MALLOC_ALIGN_MASK))
|
||
|
|
||
|
static inline INTERNAL_SIZE_T
|