Skip to content

Commit

Permalink
Update.
Browse files Browse the repository at this point in the history
2004-12-11  Ulrich Drepper  <drepper@redhat.com>

	* malloc/malloc.c (_int_realloc): Add checks for corrupted memory.
	(_int_free): Make clear message are result of free() calls.

	* malloc/malloc.c (_int_realloc): Remove unnecessary tests for
	oldmem and size == 0.
  • Loading branch information
Ulrich Drepper committed Dec 11, 2004
1 parent 8c7d369 commit 76761b6
Show file tree
Hide file tree
Showing 2 changed files with 37 additions and 16 deletions.
8 changes: 8 additions & 0 deletions ChangeLog
Original file line number Diff line number Diff line change
@@ -1,3 +1,11 @@
2004-12-11 Ulrich Drepper <drepper@redhat.com>

* malloc/malloc.c (_int_realloc): Add checks for corrupted memory.
(_int_free): Make clear message are result of free() calls.

* malloc/malloc.c (_int_realloc): Remove unnecessary tests for
oldmem and size == 0.

2004-12-10 Ulrich Drepper <drepper@redhat.com>

* malloc/arena.c (arena_get2): Prevent endless loop if arenas and
Expand Down
45 changes: 29 additions & 16 deletions malloc/malloc.c
Original file line number Diff line number Diff line change
Expand Up @@ -4256,7 +4256,7 @@ _int_free(mstate av, Void_t* mem)
|| __builtin_expect (chunksize (chunk_at_offset (p, size))
>= av->system_mem, 0))
{
errstr = "invalid next size (fast)";
errstr = "free(): invalid next size (fast)";
goto errout;
}

Expand Down Expand Up @@ -4306,7 +4306,7 @@ _int_free(mstate av, Void_t* mem)
if (__builtin_expect (nextchunk->size <= 2 * SIZE_SZ, 0)
|| __builtin_expect (nextsize >= av->system_mem, 0))
{
errstr = "invalid next size (normal)";
errstr = "free(): invalid next size (normal)";
goto errout;
}

Expand Down Expand Up @@ -4550,39 +4550,52 @@ _int_realloc(mstate av, Void_t* oldmem, size_t bytes)
INTERNAL_SIZE_T* s; /* copy source */
INTERNAL_SIZE_T* d; /* copy destination */

const char *errstr = NULL;

#if REALLOC_ZERO_BYTES_FREES
if (bytes == 0) {
if (oldmem != 0)
_int_free(av, oldmem);
return 0;
}
#endif

/* realloc of null is supposed to be same as malloc */
if (oldmem == 0) return _int_malloc(av, bytes);

checked_request2size(bytes, nb);

oldp = mem2chunk(oldmem);
oldsize = chunksize(oldp);

/* Simple tests for old block integrity. */
if (__builtin_expect ((uintptr_t) oldp & MALLOC_ALIGN_MASK, 0))
{
errstr = "realloc(): invalid pointer";
errout:
malloc_printerr (check_action, errstr, oldmem);
return NULL;
}
if (__builtin_expect (oldp->size <= 2 * SIZE_SZ, 0)
|| __builtin_expect (oldsize >= av->system_mem, 0))
{
errstr = "realloc(): invalid size";
goto errout;
}

check_inuse_chunk(av, oldp);

if (!chunk_is_mmapped(oldp)) {

next = chunk_at_offset(oldp, oldsize);
INTERNAL_SIZE_T nextsize = chunksize(next);
if (__builtin_expect (next->size <= 2 * SIZE_SZ, 0)
|| __builtin_expect (nextsize >= av->system_mem, 0))
{
errstr = "realloc(): invalid next size";
goto errout;
}

if ((unsigned long)(oldsize) >= (unsigned long)(nb)) {
/* already big enough; split below */
newp = oldp;
newsize = oldsize;
}

else {
next = chunk_at_offset(oldp, oldsize);

/* Try to expand forward into top */
if (next == av->top &&
(unsigned long)(newsize = oldsize + chunksize(next)) >=
(unsigned long)(newsize = oldsize + nextsize) >=
(unsigned long)(nb + MINSIZE)) {
set_head_size(oldp, nb | (av != &main_arena ? NON_MAIN_ARENA : 0));
av->top = chunk_at_offset(oldp, nb);
Expand All @@ -4594,7 +4607,7 @@ _int_realloc(mstate av, Void_t* oldmem, size_t bytes)
/* Try to expand forward into next chunk; split off remainder below */
else if (next != av->top &&
!inuse(next) &&
(unsigned long)(newsize = oldsize + chunksize(next)) >=
(unsigned long)(newsize = oldsize + nextsize) >=
(unsigned long)(nb)) {
newp = oldp;
unlink(next, bck, fwd);
Expand Down

0 comments on commit 76761b6

Please sign in to comment.