musl/src/malloc, branch v1.1.20 musl - an implementation of the standard library for Linux-based systems reintroduce hardening against partially-replaced allocator 2018-04-20T02:22:11+00:00 Rich Felker dalias@aerifal.cx 2018-04-20T02:19:29+00:00 b4b1e10364c8737a632be61582e05a8d3acf5690 commit 618b18c78e33acfe54a4434e91aa57b8e171df89 removed the previous detection and hardening since it was incorrect. commit 72141795d4edd17f88da192447395a48444afa10 already handled all that remained for hardening the static-linked case. in the dynamic-linked case, have the dynamic linker check whether malloc was replaced and make that information available. with these changes, the properties documented in commit c9f415d7ea2dace5bf77f6518b6afc36bb7a5732 are restored: if calloc is not provided, it will behave as malloc+memset, and any of the memalign-family functions not provided will fail with ENOMEM. 
commit 618b18c78e33acfe54a4434e91aa57b8e171df89 removed the previous
detection and hardening since it was incorrect. commit
72141795d4edd17f88da192447395a48444afa10 already handled all that
remained for hardening the static-linked case. in the dynamic-linked
case, have the dynamic linker check whether malloc was replaced and
make that information available.

with these changes, the properties documented in commit
c9f415d7ea2dace5bf77f6518b6afc36bb7a5732 are restored: if calloc is
not provided, it will behave as malloc+memset, and any of the
memalign-family functions not provided will fail with ENOMEM.
return chunks split off by memalign using __bin_chunk instead of free 2018-04-20T00:56:26+00:00 Rich Felker dalias@aerifal.cx 2018-04-20T00:56:26+00:00 72141795d4edd17f88da192447395a48444afa10 this change serves multiple purposes: 1. it ensures that static linking of memalign-family functions will pull in the system malloc implementation, thereby causing link errors if an attempt is made to link the system memalign functions with a replacement malloc (incomplete allocator replacement). 2. it eliminates calls to free that are unpaired with allocations, which are confusing when setting breakpoints or tracing execution. as a bonus, making __bin_chunk external may discourage aggressive and unnecessary inlining of it. 
this change serves multiple purposes:

1. it ensures that static linking of memalign-family functions will
pull in the system malloc implementation, thereby causing link errors
if an attempt is made to link the system memalign functions with a
replacement malloc (incomplete allocator replacement).

2. it eliminates calls to free that are unpaired with allocations,
which are confusing when setting breakpoints or tracing execution.

as a bonus, making __bin_chunk external may discourage aggressive and
unnecessary inlining of it.
using malloc implementation types/macros/idioms for memalign 2018-04-20T00:45:48+00:00 Rich Felker dalias@aerifal.cx 2018-04-20T00:45:48+00:00 3c2cbbe7ba8b4486299ae0d5336ae01ab520d116 the generated code should be mostly unchanged, except for explicit use of C_INUSE in place of copying the low bits from existing chunk headers/footers. these changes also remove mild UB due to dubious arithmetic on pointers into imaginary size_t[] arrays. 
the generated code should be mostly unchanged, except for explicit use
of C_INUSE in place of copying the low bits from existing chunk
headers/footers.

these changes also remove mild UB due to dubious arithmetic on
pointers into imaginary size_t[] arrays.
move malloc implementation types and macros to an internal header 2018-04-19T22:44:17+00:00 Rich Felker dalias@aerifal.cx 2018-04-19T22:43:05+00:00 23389b1988b061e8487c316893a8a8eb77770a2f 






revert detection of partially-replaced allocator
2018-04-19T19:25:48+00:00

Rich Felker
dalias@aerifal.cx

2018-04-19T19:25:48+00:00

618b18c78e33acfe54a4434e91aa57b8e171df89

commit c9f415d7ea2dace5bf77f6518b6afc36bb7a5732 included checks to
make calloc fallback to memset if used with a replaced malloc that
didn't also replace calloc, and the memalign family fail if free has
been replaced. however, the checks gave false positives for
replacement whenever malloc or free resolved to a PLT entry in the
main program.

for now, disable the checks so as not to leave libc in a broken state.
this means that the properties documented in the above commit are no
longer satisfied; failure to replace calloc and the memalign family
along with malloc is unsafe if they are ever called.

the calloc checks were correct but useless for static linking. in both
cases (simple or full malloc), calloc and malloc are in a source file
together, so replacement of one but not the other would give linking
errors. the memalign-family check was useful for static linking, but
broken for dynamic as described above, and can be replaced with a
better link-time check.





commit c9f415d7ea2dace5bf77f6518b6afc36bb7a5732 included checks to
make calloc fallback to memset if used with a replaced malloc that
didn't also replace calloc, and the memalign family fail if free has
been replaced. however, the checks gave false positives for
replacement whenever malloc or free resolved to a PLT entry in the
main program.

for now, disable the checks so as not to leave libc in a broken state.
this means that the properties documented in the above commit are no
longer satisfied; failure to replace calloc and the memalign family
along with malloc is unsafe if they are ever called.

the calloc checks were correct but useless for static linking. in both
cases (simple or full malloc), calloc and malloc are in a source file
together, so replacement of one but not the other would give linking
errors. the memalign-family check was useful for static linking, but
broken for dynamic as described above, and can be replaced with a
better link-time check.







allow interposition/replacement of allocator (malloc)
2018-04-18T18:22:49+00:00

Rich Felker
dalias@aerifal.cx

2018-04-17T22:36:19+00:00

c9f415d7ea2dace5bf77f6518b6afc36bb7a5732

replacement is subject to conditions on the replacement functions.
they may only call functions which are async-signal-safe, as specified
either by POSIX or as an implementation-defined extension. if any
allocator functions are replaced, at least malloc, realloc, and free
must be provided. if calloc is not provided, it will behave as
malloc+memset. any of the memalign-family functions not provided will
fail with ENOMEM.

in order to implement the above properties, calloc and __memalign
check that they are using their own malloc or free, respectively.
choice to check malloc or free is based on considerations of
supporting __simple_malloc. in order to make this work, calloc is
split into separate versions for __simple_malloc and full malloc;
commit ba819787ee93ceae94efd274f7849e317c1bff58 already did most of
the split anyway, and completing it saves an extra call frame.

previously, use of -Bsymbolic-functions made dynamic interposition
impossible. now, we are using an explicit dynamic-list, so add
allocator functions to the list. most are not referenced anyway, but
all are added for completeness.





replacement is subject to conditions on the replacement functions.
they may only call functions which are async-signal-safe, as specified
either by POSIX or as an implementation-defined extension. if any
allocator functions are replaced, at least malloc, realloc, and free
must be provided. if calloc is not provided, it will behave as
malloc+memset. any of the memalign-family functions not provided will
fail with ENOMEM.

in order to implement the above properties, calloc and __memalign
check that they are using their own malloc or free, respectively.
choice to check malloc or free is based on considerations of
supporting __simple_malloc. in order to make this work, calloc is
split into separate versions for __simple_malloc and full malloc;
commit ba819787ee93ceae94efd274f7849e317c1bff58 already did most of
the split anyway, and completing it saves an extra call frame.

previously, use of -Bsymbolic-functions made dynamic interposition
impossible. now, we are using an explicit dynamic-list, so add
allocator functions to the list. most are not referenced anyway, but
all are added for completeness.







remove unused __brk function/source file
2018-04-17T23:23:01+00:00

Rich Felker
dalias@aerifal.cx

2018-04-17T20:37:30+00:00

502027540bafd0681bfc46b0ae28639e51bba6a6

commit e3bc22f1eff87b8f029a6ab31f1a269d69e4b053 removed all references
to __brk.





commit e3bc22f1eff87b8f029a6ab31f1a269d69e4b053 removed all references
to __brk.







comment __malloc_donate overflow logic
2018-04-17T23:23:01+00:00

Rich Felker
dalias@aerifal.cx

2018-04-17T19:18:49+00:00

14032c30e2d41e5c0dac25d399f7086f74d4e0c8












ldso, malloc: implement reclaim_gaps via __malloc_donate
2018-04-17T23:23:00+00:00

Alexander Monakov
amonakov@ispras.ru

2018-04-16T17:54:36+00:00

ce7ae11acfd9db8eb92cc6823c132e1825918d92

Split 'free' into unmap_chunk and bin_chunk, use the latter to introduce
__malloc_donate and use it in reclaim_gaps instead of calling 'free'.





Split 'free' into unmap_chunk and bin_chunk, use the latter to introduce
__malloc_donate and use it in reclaim_gaps instead of calling 'free'.







malloc: fix an over-allocation bug
2018-04-17T23:23:00+00:00

Alexander Monakov
amonakov@ispras.ru

2018-04-16T17:54:35+00:00

d889cc3463edc92869676c1eec34a8f52d942adb

Fix an instance where realloc code would overallocate by OVERHEAD bytes
amount. Manually arrange for reuse of memcpy-free-return exit sequence.





Fix an instance where realloc code would overallocate by OVERHEAD bytes
amount. Manually arrange for reuse of memcpy-free-return exit sequence.