[RFC,7/7] malloc: Check the alignment of mmapped chunks before unmapping.
* malloc/malloc.c (munmap_chunk): Verify chunk alignment.
---
malloc/malloc.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
@@ -2799,6 +2799,7 @@ static void
internal_function
munmap_chunk (mchunkptr p)
{
+ size_t pagesize = GLRO (dl_pagesize);
INTERNAL_SIZE_T size = chunksize (p);
assert (chunk_is_mmapped (p));
@@ -2809,13 +2810,15 @@ munmap_chunk (mchunkptr p)
return;
uintptr_t block = (uintptr_t) p - prev_size (p);
+ uintptr_t mem = (uintptr_t) chunk2mem(p);
size_t total_size = prev_size (p) + size;
/* Unfortunately we have to do the compilers job by hand here. Normally
we would test BLOCK and TOTAL-SIZE separately for compliance with the
page size. But gcc does not recognize the optimization possibility
(in the moment at least) so we combine the two values into one before
the bit test. */
- if (__builtin_expect (((block | total_size) & (GLRO (dl_pagesize) - 1)) != 0, 0))
+ if (__glibc_unlikely ((block | total_size) & (pagesize - 1)) != 0
+ || __glibc_unlikely (!powerof2 (mem & (pagesize - 1))))
{
malloc_printerr (check_action, "munmap_chunk(): invalid pointer",
chunk2mem (p), NULL);
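Review bot: In the rewritten condition the `!= 0` of the first operand sits outside `__glibc_unlikely ()` while the second operand is wholly inside it, so the two halves of one `if` are shaped differently; moving the comparison inside keeps the replaced `__builtin_expect (... != 0, 0)` form and makes both branches read alike: `if (__glibc_unlikely (((block | total_size) & (pagesize - 1)) != 0)`. The comment above the test still explains only why BLOCK and TOTAL-SIZE are or'ed before the page-size test and says nothing about the new MEM test; a sentence stating that the in-page offset of MEM is required to be zero or a power of two (presumably to accept both a plain mmapped chunk and a memalign'd one — worth confirming against powerof2's treatment of 0) would document the new invariant for the next reader. Since `mem` is now computed two lines above, the `malloc_printerr` call could pass `(void *) mem` instead of recomputing `chunk2mem (p)`. The body of munmap_chunk continues past the end of this hunk.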