summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2015-06-22 18:50:09 +0000
committerRich Felker <dalias@aerifal.cx>2015-06-22 18:50:09 +0000
commitba819787ee93ceae94efd274f7849e317c1bff58 (patch)
tree0de9857d6e6567934f23ffe1eb17ed4cee448d21
parent55d061f031085f24d138664c897791aebe9a2fab (diff)
downloadmusl-ba819787ee93ceae94efd274f7849e317c1bff58.tar.gz
fix calloc when __simple_malloc implementation is used
previously, calloc's implementation encoded assumptions about the implementation of malloc, accessing a size_t word just prior to the allocated memory to determine if it was obtained by mmap to optimize out the zero-filling. when __simple_malloc is used (static linking a program with no realloc/free), it doesn't matter if the result of this check is wrong, since all allocations are zero-initialized anyway. but the access could be invalid if it crosses a page boundary or if the pointer is not sufficiently aligned, which can happen for very small allocations. this patch fixes the issue by moving the zero-fill logic into malloc.c with the full malloc, as a new function named __malloc0, which is provided by a weak alias to __simple_malloc (which always gives zero-filled memory) when the full malloc is not in use.
-rw-r--r--src/malloc/calloc.c15
-rw-r--r--src/malloc/lite_malloc.c1
-rw-r--r--src/malloc/malloc.c11
3 files changed, 15 insertions, 12 deletions
diff --git a/src/malloc/calloc.c b/src/malloc/calloc.c
index c3dfb473..436c0b03 100644
--- a/src/malloc/calloc.c
+++ b/src/malloc/calloc.c
@@ -1,22 +1,13 @@
#include <stdlib.h>
#include <errno.h>
+void *__malloc0(size_t);
+
void *calloc(size_t m, size_t n)
{
- void *p;
- size_t *z;
if (n && m > (size_t)-1/n) {
errno = ENOMEM;
return 0;
}
- n *= m;
- p = malloc(n);
- if (!p) return 0;
- /* Only do this for non-mmapped chunks */
- if (((size_t *)p)[-1] & 7) {
- /* Only write words that are not already zero */
- m = (n + sizeof *z - 1)/sizeof *z;
- for (z=p; m; m--, z++) if (*z) *z=0;
- }
- return p;
+ return __malloc0(n * m);
}
diff --git a/src/malloc/lite_malloc.c b/src/malloc/lite_malloc.c
index 008549d6..b09f30b0 100644
--- a/src/malloc/lite_malloc.c
+++ b/src/malloc/lite_malloc.c
@@ -47,3 +47,4 @@ void *__simple_malloc(size_t n)
}
weak_alias(__simple_malloc, malloc);
+weak_alias(__simple_malloc, malloc0);
diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c
index 290fda1c..eb68d554 100644
--- a/src/malloc/malloc.c
+++ b/src/malloc/malloc.c
@@ -356,6 +356,17 @@ void *malloc(size_t n)
return CHUNK_TO_MEM(c);
}
+void *__malloc0(size_t n)
+{
+ void *p = malloc(n);
+ if (p && !IS_MMAPPED(MEM_TO_CHUNK(p))) {
+ size_t *z;
+ n = (n + sizeof *z - 1)/sizeof *z;
+ for (z=p; n; n--, z++) if (*z) *z=0;
+ }
+ return p;
+}
+
void *realloc(void *p, size_t n)
{
struct chunk *self, *next;