malloc: ensure set_max_fast never stores zero
Commit Message
The code for set_max_fast() stores an "impossibly small value"
instead of zero, when the parameter is zero. However, for
small values of the parameter (ex: 1 or 2) the computation
results in a zero being stored anyway.
This patch checks for the parameter being small enough for the
computation to result in zero instead, so that a zero is never
stored.
key values which result in zero being stored:
x86-64: 1..7 (or other 64-bit)
i686: 1..11
armhfp: 1..3 (or other 32-bit)
Comments
On 4/4/20 1:52 AM, DJ Delorie via Libc-alpha wrote:
>
> The code for set_max_fast() stores an "impossibly small value"
> instead of zero, when the parameter is zero. However, for
> small values of the parameter (ex: 1 or 2) the computation
> results in a zero being stored anyway.
Agreed.
> This patch checks for the parameter being small enough for the
> computation to result in zero instead, so that a zero is never
> stored.
Right, because (1 + SIZE_SZ) & ~MALLOC_ALIGN_MASK is zero.
> key values which result in zero being stored:
>
> x86-64: 1..7 (or other 64-bit)
> i686: 1..11
> armhfp: 1..3 (or other 32-bit)
>
OK with bug # attached.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
> diff --git a/malloc/malloc.c b/malloc/malloc.c
> index 6acb5ad43a..ee87ddbbf9 100644
> --- a/malloc/malloc.c
> +++ b/malloc/malloc.c
> @@ -1632,7 +1632,7 @@ static INTERNAL_SIZE_T global_max_fast;
> */
>
> #define set_max_fast(s) \
> - global_max_fast = (((s) == 0) \
> + global_max_fast = (((size_t) (s) <= MALLOC_ALIGN_MASK - SIZE_SZ) \
> ? MIN_CHUNK_SIZE / 2 : ((s + SIZE_SZ) & ~MALLOC_ALIGN_MASK))
>
> static inline INTERNAL_SIZE_T
>
@@ -1632,7 +1632,7 @@ static INTERNAL_SIZE_T global_max_fast;
*/
#define set_max_fast(s) \
- global_max_fast = (((s) == 0) \
+ global_max_fast = (((size_t) (s) <= MALLOC_ALIGN_MASK - SIZE_SZ) \
? MIN_CHUNK_SIZE / 2 : ((s + SIZE_SZ) & ~MALLOC_ALIGN_MASK))
static inline INTERNAL_SIZE_T