From patchwork Thu Mar 11 17:57:04 2021
X-Patchwork-Submitter: Szabolcs Nagy
X-Patchwork-Id: 42457
X-Patchwork-Delegate: dj@redhat.com
From: Szabolcs Nagy
To: libc-alpha@sourceware.org, DJ Delorie
Subject: [PATCH v2 1/2] malloc: Fix a realloc crash with heap tagging [BZ 27468]
Date: Thu, 11 Mar 2021 17:57:04 +0000

_int_free must be called with a chunk that has its tag reset. This was missing in a rare case that could crash when heap tagging is enabled: when in a multi-threaded process the current arena runs out of memory during realloc, but another arena still has space to finish the realloc then _int_free was called without clearing the user allocation tags.

Fixes bug 27468.

Reviewed-by: DJ Delorie
--- malloc/malloc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/malloc/malloc.c b/malloc/malloc.c index 1f4bbd8edf..8f8f12c276 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c
@@ -3446,7 +3446,9 @@ __libc_realloc (void *oldmem, size_t bytes) newp = __libc_malloc (bytes); if (newp != NULL) { - memcpy (newp, oldmem, oldsize - SIZE_SZ); + size_t sz = CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ; + memcpy (newp, oldmem, sz); + (void) TAG_REGION (chunk2rawmem (oldp), sz); _int_free (ar_ptr, oldp, 0); } }

From patchwork Thu Mar 11 17:57:21 2021
X-Patchwork-Submitter: Szabolcs Nagy
X-Patchwork-Id: 42458
X-Patchwork-Delegate: dj@redhat.com
From: Szabolcs Nagy
To: libc-alpha@sourceware.org, DJ Delorie
Subject: [PATCH v2 2/2] malloc: Fix a potential realloc issue with memory tagging
Date: Thu, 11 Mar 2021 17:57:21 +0000

At an _int_free call site in realloc the wrong size was used for tag clearing: the chunk header of the next chunk was also cleared which in practice may work, but logically wrong.

The tag clearing is moved before the memcpy to save a tag computation, this avoids a chunk2mem. Another chunk2mem is removed because newmem does not have to be recomputed.

Whitespaces got fixed too.
--- malloc/malloc.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/malloc/malloc.c b/malloc/malloc.c index 8f8f12c276..51cec67e55 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -4851,14 +4851,14 @@ _int_realloc(mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize, } else { - void *oldmem = chunk2mem (oldp); + void *oldmem = chunk2rawmem (oldp); + size_t sz = CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ; + (void) TAG_REGION (oldmem, sz); newmem = TAG_NEW_USABLE (newmem); - memcpy (newmem, oldmem, - CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ); - (void) TAG_REGION (chunk2rawmem (oldp), oldsize); - _int_free (av, oldp, 1); - check_inuse_chunk (av, newp); - return chunk2mem (newp); + memcpy (newmem, oldmem, sz); + _int_free (av, oldp, 1); + check_inuse_chunk (av, newp); + return newmem; } } }
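
Review bot: In the __libc_realloc hunk of patch 1/2, the memcpy length changes from `oldsize - SIZE_SZ` to `CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ`, and the commit message does not mention it; the message only covers the missing tag reset before _int_free. Please state in the message whether the number of bytes copied differs from before, and add a short comment above `(void) TAG_REGION (chunk2rawmem (oldp), sz);` saying that _int_free expects the chunk's tags to be cleared. The diffstat touches only malloc/malloc.c, so a regression test for the cross-arena realloc fallback described in the message would be worth adding.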
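
Review bot: In the _int_realloc hunk of patch 2/2, `(void) TAG_REGION (oldmem, sz);` now runs before `memcpy (newmem, oldmem, sz);`, so the copy reads through oldmem after its tags were cleared and relies on oldmem being the `chunk2rawmem (oldp)` pointer; a one-line comment recording that ordering dependency would keep a later edit from restoring `chunk2mem (oldp)`. The expression `CHUNK_AVAILABLE_SIZE (oldp) - CHUNK_HDR_SZ` is now written out here and in patch 1/2, so a small helper would keep the two call sites in step. The whitespace-only changes to the _int_free and check_inuse_chunk lines would be easier to review as a separate commit.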