d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

malloc_aligned() may not leave enough space for pointer to allocated memory,

Browse Source 
saving the pointer will overwrite bytes belongs to another memory block
unexpectly, to fix the problem, use (allocated address + sizeof(void *)) as
initial value, and slip to next aligned address, so maximum extra bytes is
sizeof(void *) + align - 1.

Tested by: Andre Albsmeier < mail at ma17 dot ata dot myota dot orgndre >
This commit is contained in:
David Xu 2014-02-21 03:36:16 +00:00
parent 182d7debb9
commit 209782e06f
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
libexec/rtld-elf/xmalloc.c
View File

@ -72,14 +72,14 @@ void *
malloc_aligned(size_t size, size_t align)
{
void *mem, *res;
uintptr_t x;
size_t asize, r;
r = round(sizeof(void *), align);
asize = round(size, align) + r;
mem = xmalloc(asize);
x = (uintptr_t)mem;
res = (void *)round(x, align);
if (align & (sizeof(void *) -1)) {
rtld_fdputstr(STDERR_FILENO, "Invalid alignment\n");
_exit(1);
}
mem = xmalloc(size + sizeof(void *) + align - 1);
res = (void *)round((uintptr_t)mem + sizeof(void *), align);
*(void **)((uintptr_t)res - sizeof(void *)) = mem;
return (res);
}