glibc/glibc-2.10-mcheck-free-race.diff


2009-06-15 Petr Baudis <pasky@suse.cz>
* malloc/hooks.c (free_check): Do not invoke mem2chunk_check()
without main_arena mutex held.
diff --git a/malloc/hooks.c b/malloc/hooks.c
index 622a815..47d3c85 100644
--- malloc/hooks.c
+++ malloc/hooks.c
@@ -276,25 +276,33 @@ free_check(mem, caller) Void_t* mem; const Void_t *caller;
mchunkptr p;
if(!mem) return;
+#ifndef ATOMIC_FASTBINS
+ (void)mutex_lock(&main_arena.mutex);
+#endif
p = mem2chunk_check(mem, NULL);
if(!p) {
+#ifndef ATOMIC_FASTBINS
+ (void)mutex_unlock(&main_arena.mutex);
+#endif
malloc_printerr(check_action, "free(): invalid pointer", mem);
return;
}
#if HAVE_MMAP
if (chunk_is_mmapped(p)) {
munmap_chunk(p);
- return;
- }
+ } else
#endif
+ {
#if 0 /* Erase freed memory. */
- memset(mem, 0, chunksize(p) - (SIZE_SZ+1));
+ memset(mem, 0, chunksize(p) - (SIZE_SZ+1));
#endif
#ifdef ATOMIC_FASTBINS
- _int_free(&main_arena, p, 0);
+ _int_free(&main_arena, p, 0);
#else
- (void)mutex_lock(&main_arena.mutex);
- _int_free(&main_arena, p);
+ _int_free(&main_arena, p);
+#endif
+ }
+#ifndef ATOMIC_FASTBINS
(void)mutex_unlock(&main_arena.mutex);
#endif
}
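Review bot: With ATOMIC_FASTBINS defined, `mem2chunk_check(mem, NULL)` is still reached with no lock held, because every `mutex_lock`/`mutex_unlock` added here sits under `#ifndef ATOMIC_FASTBINS`; the race named in the changelog entry is therefore closed only for the non-atomic build. Taking the lock unconditionally and calling `_int_free(&main_arena, p, 1);` in the ATOMIC_FASTBINS branch would cover both configurations, assuming the third argument is the have-lock flag (its definition is not in this hunk). Separately, the mmapped branch now runs `munmap_chunk(p)` with the arena mutex held, while the `!p` path deliberately unlocks before `malloc_printerr`; if `munmap_chunk` can report an error itself it would do so under the lock, so releasing with `(void)mutex_unlock(&main_arena.mutex);` before `munmap_chunk(p); return;` looks safer. The opening lines of free_check's body lie outside the hunk.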