about summary refs log tree commit diff
diff options
context:
space:
mode:
authorSiddhesh Poyarekar <siddhesh@redhat.com>2015-08-24 14:33:07 +0530
committerSiddhesh Poyarekar <siddhesh@redhat.com>2015-08-24 14:33:07 +0530
commitc3b9ef8dfc83e9d17da5adc73709d2f7dfbbaf13 (patch)
tree904dfa22fa029a0fa6b8b43af3f47a3c935f8f28
parent92a9b22d70b85b7edd0484db8bf2465a969fb09e (diff)
downloadglibc-c3b9ef8dfc83e9d17da5adc73709d2f7dfbbaf13.tar.gz
glibc-c3b9ef8dfc83e9d17da5adc73709d2f7dfbbaf13.tar.xz
glibc-c3b9ef8dfc83e9d17da5adc73709d2f7dfbbaf13.zip
Don't use the main arena in retry path if it is corrupt
If allocation on a non-main arena fails, the main arena is used
without checking to see if it is corrupt.  Add a check that avoids the
main arena if it is corrupt.

	* malloc/arena.c (arena_get_retry): Don't use main_arena if it is
	corrupt.
-rw-r--r--ChangeLog3
-rw-r--r--malloc/arena.c4
2 files changed, 7 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 1b5b03e666..dae71cecec 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2015-08-24  Siddhesh Poyarekar  <siddhesh@redhat.com>
 
+	* malloc/arena.c (arena_get_retry): Don't use main_arena if it
+	is corrupt.
+
 	* malloc/arena.c (arena_get2): Drop unused argument.
 	(arena_lock): Adjust.
 	(arena_get_retry): Likewise.
diff --git a/malloc/arena.c b/malloc/arena.c
index cfec94d182..b44e307ade 100644
--- a/malloc/arena.c
+++ b/malloc/arena.c
@@ -909,6 +909,10 @@ arena_get_retry (mstate ar_ptr, size_t bytes)
   if (ar_ptr != &main_arena)
     {
       (void) mutex_unlock (&ar_ptr->mutex);
+      /* Don't touch the main arena if it is corrupt.  */
+      if (arena_is_corrupt (&main_arena))
+	return NULL;
+
       ar_ptr = &main_arena;
       (void) mutex_lock (&ar_ptr->mutex);
     }