| From b9cde4e3aa1ff338da7064daf1386b2f4a7351ba Mon Sep 17 00:00:00 2001 |
| From: DJ Delorie <dj@redhat.com> |
| Date: Sat, 4 Apr 2020 01:44:56 -0400 |
| Subject: malloc: ensure set_max_fast never stores zero [BZ #25733] |
| |
| The code for set_max_fast() stores an "impossibly small value" |
| instead of zero, when the parameter is zero. However, for |
| small values of the parameter (ex: 1 or 2) the computation |
| results in a zero being stored anyway. |
| |
| This patch checks for the parameter being small enough for the |
| computation to result in zero instead, so that a zero is never |
| stored. |
| |
| key values which result in zero being stored: |
| |
| x86-64: 1..7 (or other 64-bit) |
| i686: 1..11 |
| armhfp: 1..3 (or other 32-bit) |
| |
| Reviewed-by: Carlos O'Donell <carlos@redhat.com> |
| |
| diff --git a/malloc/malloc.c b/malloc/malloc.c |
| index 6acb5ad43a..ee87ddbbf9 100644 |
| |
| |
| @@ -1632,7 +1632,7 @@ static INTERNAL_SIZE_T global_max_fast; |
| */ |
| |
| #define set_max_fast(s) \ |
| - global_max_fast = (((s) == 0) \ |
| + global_max_fast = (((size_t) (s) <= MALLOC_ALIGN_MASK - SIZE_SZ) \ |
| ? MIN_CHUNK_SIZE / 2 : ((s + SIZE_SZ) & ~MALLOC_ALIGN_MASK)) |
| |
| static inline INTERNAL_SIZE_T |