glibc/glibc-rh757881.patch


Index: glibc-2.12-2-gc4ccff1/malloc/arena.c
===================================================================
--- glibc-2.12-2-gc4ccff1.orig/malloc/arena.c
+++ glibc-2.12-2-gc4ccff1/malloc/arena.c
@@ -870,7 +870,7 @@ heap_trim(heap, pad) heap_info *heap; si
heap = prev_heap;
if(!prev_inuse(p)) { /* consolidate backward */
p = prev_chunk(p);
- unlink(p, bck, fwd);
+ unlink(ar_ptr, p, bck, fwd);
}
assert(((unsigned long)((char*)p + new_size) & (pagesz-1)) == 0);
assert( ((char*)p + new_size) == ((char*)heap + heap->size) );
Index: glibc-2.12-2-gc4ccff1/malloc/hooks.c
===================================================================
--- glibc-2.12-2-gc4ccff1.orig/malloc/hooks.c
+++ glibc-2.12-2-gc4ccff1/malloc/hooks.c
@@ -219,7 +219,9 @@ top_check()
(char*)t + chunksize(t) == mp_.sbrk_base + main_arena.system_mem)))
return 0;
+ mutex_unlock(&main_arena);
malloc_printerr (check_action, "malloc: top chunk is corrupt", t);
+ mutex_lock(&main_arena);
/* Try to set up a new top chunk. */
brk = MORECORE(0);
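Review bot: The two added calls in top_check pass `&main_arena`, the arena object itself, where every other added call in this patch passes the lock member (`&av->mutex`, `&(AV)->mutex`). The context line above reads `main_arena.system_mem`, so main_arena is the struct and not a mutex. This presumably works only if the mutex is the first member and the lock macros tolerate the pointer type. Writing `mutex_unlock(&main_arena.mutex);` and `mutex_lock(&main_arena.mutex);` would state the intent and survive a layout change. top_check's body starts and ends outside the hunk.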
Index: glibc-2.12-2-gc4ccff1/malloc/malloc.c
===================================================================
--- glibc-2.12-2-gc4ccff1.orig/malloc/malloc.c
+++ glibc-2.12-2-gc4ccff1/malloc/malloc.c
@@ -1541,12 +1541,14 @@
#define last(b) ((b)->bk)
/* Take a chunk off a bin list */
-#define unlink(P, BK, FD) { \
+#define unlink(AV, P, BK, FD) { \
FD = P->fd; \
BK = P->bk; \
- if (__builtin_expect (FD->bk != P || BK->fd != P, 0)) \
+ if (__builtin_expect (FD->bk != P || BK->fd != P, 0)) { \
+ mutex_unlock(&(AV)->mutex); \
malloc_printerr (check_action, "corrupted double-linked list", P); \
- else { \
+ mutex_lock(&(AV)->mutex); \
+ } else { \
FD->bk = BK; \
BK->fd = FD; \
if (!in_smallbin_range (P->size) \
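Review bot: The error branch of unlink now drops and re-takes `(AV)->mutex`, so when check_action does not abort the caller resumes with `P`, `BK` and `FD` that were loaded before a window in which other threads could change the arena. The same applies to the hunk at 3552, where `bck = victim->bk` is read before the unlock and `chunksize(victim)` runs after the relock. Nothing on the macro records that it must be entered with the arena lock held, or that the lock is released on this path. I would add above the `#define`: `/* Caller must hold AV->mutex. It is released while the corruption is reported, so bin state may have changed when the macro returns. */`. The macro body continues past the end of the hunk.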
@@ -2593,7 +2595,9 @@
else if (contiguous(av) && old_size && brk < old_end) {
/* Oops! Someone else killed our space.. Can't touch anything. */
+ mutex_unlock(&av->mutex);
malloc_printerr (3, "break adjusted to free malloc space", brk);
+ mutex_lock(&av->mutex);
}
/*
@@ -3467,7 +3471,9 @@
{
errstr = "malloc(): memory corruption (fast)";
errout:
+ mutex_unlock(&av->mutex);
malloc_printerr (check_action, errstr, chunk2mem (victim));
+ mutex_lock(&av->mutex);
return NULL;
}
check_remalloced_chunk(av, victim, nb);
@@ -3552,8 +3558,12 @@
bck = victim->bk;
if (__builtin_expect (victim->size <= 2 * SIZE_SZ, 0)
|| __builtin_expect (victim->size > av->system_mem, 0))
- malloc_printerr (check_action, "malloc(): memory corruption",
- chunk2mem (victim));
+ {
+ void *p = chunk2mem(victim);
+ mutex_unlock(&av->mutex);
+ malloc_printerr (check_action, "malloc(): memory corruption", p);
+ mutex_lock(&av->mutex);
+ }
size = chunksize(victim);
/*
@@ -3694,7 +3704,7 @@
victim = victim->fd;
remainder_size = size - nb;
- unlink(victim, bck, fwd);
+ unlink(av, victim, bck, fwd);
/* Exhaust */
if (remainder_size < MINSIZE) {
@@ -3792,7 +3802,7 @@
remainder_size = size - nb;
/* unlink */
- unlink(victim, bck, fwd);
+ unlink(av, victim, bck, fwd);
/* Exhaust */
if (remainder_size < MINSIZE) {
@@ -3927,9 +3937,11 @@
{
errstr = "free(): invalid pointer";
errout:
- if (! have_lock && locked)
+ if (have_lock || locked)
(void)mutex_unlock(&av->mutex);
malloc_printerr (check_action, errstr, chunk2mem(p));
+ if (have_lock)
+ mutex_lock(&av->mutex);
return;
}
/* We know that each chunk is at least MINSIZE bytes in size. */
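Review bot: The errout path unlocks on `have_lock || locked` but re-locks only on `have_lock`, and the reason for that asymmetry is not recorded anywhere in the hunk. As far as the visible lines show, `locked` marks a lock this function took itself and can leave released on return, while `have_lock` marks one the caller still expects to hold. A comment before the unlock would keep a later edit from "fixing" the difference, for example `/* Report without the arena lock; restore it only if the caller owned it. */`. The added `mutex_lock` also lacks the `(void)` cast that the neighbouring `mutex_unlock` carries. The function body starts and ends outside the hunk.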
@@ -4073,7 +4085,7 @@
prevsize = p->prev_size;
size += prevsize;
p = chunk_at_offset(p, -((long) prevsize));
- unlink(p, bck, fwd);
+ unlink(av, p, bck, fwd);
}
if (nextchunk != av->top) {
@@ -4082,7 +4094,7 @@
/* consolidate forward */
if (!nextinuse) {
- unlink(nextchunk, bck, fwd);
+ unlink(av, nextchunk, bck, fwd);
size += nextsize;
} else
clear_inuse_bit_at_offset(nextchunk, 0);
@@ -4243,7 +4255,7 @@
prevsize = p->prev_size;
size += prevsize;
p = chunk_at_offset(p, -((long) prevsize));
- unlink(p, bck, fwd);
+ unlink(av, p, bck, fwd);
}
if (nextchunk != av->top) {
@@ -4251,7 +4263,7 @@
if (!nextinuse) {
size += nextsize;
- unlink(nextchunk, bck, fwd);
+ unlink(av, nextchunk, bck, fwd);
} else
clear_inuse_bit_at_offset(nextchunk, 0);
@@ -4320,7 +4332,9 @@
{
errstr = "realloc(): invalid old size";
errout:
+ mutex_unlock(&av->mutex);
malloc_printerr (check_action, errstr, chunk2mem(oldp));
+ mutex_lock(&av->mutex);
return NULL;
}
@@ -4362,7 +4376,7 @@
(unsigned long)(newsize = oldsize + nextsize) >=
(unsigned long)(nb)) {
newp = oldp;
- unlink(next, bck, fwd);
+ unlink(av, next, bck, fwd);
}
/* allocate, copy, free */