authorSzabolcs Nagy <szabolcs.nagy@arm.com>2021-03-11 14:09:56 +0000
committerSzabolcs Nagy <szabolcs.nagy@arm.com>2021-03-26 11:03:06 +0000
commit8ae909a533b12221c3fd0c2331b13d99d9790718 (patch)
tree139dd8b6670e894ab1aa576cbbbf5b33d2484df7 /malloc
parent42cc96066b22ba065db11096c78881a55e45def4 (diff)
malloc: Fix a potential realloc issue with memory tagging
At an _int_free call site in realloc the wrong size was used for tag clearing: the chunk header of the next chunk was also cleared, which may work in practice but is logically wrong. The tag clearing is moved before the memcpy to save a tag computation; this avoids a chunk2mem. Another chunk2mem is removed because newmem does not have to be recomputed. Whitespace was fixed too. Reviewed-by: DJ Delorie <dj@redhat.com>
Diffstat (limited to 'malloc')
-rw-r--r--malloc/malloc.c14
1 files changed, 7 insertions, 7 deletions
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 9d9f7b9..eae000b 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4851,14 +4851,14 @@ _int_realloc(mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize,
}
else
{
- void *oldmem = chunk2mem (oldp);
+ void *oldmem = chunk2rawmem (oldp);
+ size_t sz = CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ;
+ (void) TAG_REGION (oldmem, sz);
newmem = TAG_NEW_USABLE (newmem);
- memcpy (newmem, oldmem,
- CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ);
- (void) TAG_REGION (chunk2rawmem (oldp), oldsize);
- _int_free (av, oldp, 1);
- check_inuse_chunk (av, newp);
- return chunk2mem (newp);
+ memcpy (newmem, oldmem, sz);
+ _int_free (av, oldp, 1);
+ check_inuse_chunk (av, newp);
+ return newmem;
}
}
}
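Review bot: The new tag-clearing size `sz = CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ` is still not bounded to this chunk's own tag granules: for a non-mmapped chunk it extends `SIZE_SZ` bytes past `chunksize (oldp)` into the next chunk's prev_size field, so on a 16-byte MTE granule with `SIZE_SZ == 8` the region passed to `TAG_REGION (oldmem, sz)` ends mid-granule. Depending on the contract of the tagging primitive (not visible here), that either retags the granule holding the next chunk's header — the same effect this commit sets out to remove, only narrowed — or leaves the trailing prev_size bytes under the old tag so that the following `memcpy (newmem, oldmem, sz)` reads them through the untagged `chunk2rawmem` pointer. If the tag-region routine requires a granule-multiple size, the tagged span should be derived from the chunk size rather than from the available size, e.g. `(void) TAG_REGION (oldmem, chunksize (oldp) - CHUNK_HDR_SZ);` with a comment such as `/* Retag only the granules owned by this chunk; the next chunk's header keeps its own tag.  */`, and the copy length should then be checked against the same bound; please confirm against the __libc_mtag_tag_region contract. Either way a one-line comment explaining why the tag region is computed from CHUNK_AVAILABLE_SIZE and how it relates to the granule size would prevent the next reader from re-deriving this. _int_realloc begins and ends outside this hunk.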