diff options
author | DJ Delorie <dj@redhat.com> | 2020-04-04 01:44:56 -0400 |
---|---|---|
committer | DJ Delorie <dj@redhat.com> | 2020-04-06 16:27:53 -0400 |
commit | b9cde4e3aa1ff338da7064daf1386b2f4a7351ba (patch) | |
tree | aeb6c2e6b1878334bc18cb8729f16d0e3a1da3e3 /malloc | |
parent | 4531ba8ebfedf97a31834201eaaf71c375793de2 (diff) | |
download | glibc-b9cde4e3aa1ff338da7064daf1386b2f4a7351ba.tar.gz glibc-b9cde4e3aa1ff338da7064daf1386b2f4a7351ba.tar.xz glibc-b9cde4e3aa1ff338da7064daf1386b2f4a7351ba.zip |
malloc: ensure set_max_fast never stores zero [BZ #25733]
The code for set_max_fast() stores an "impossibly small value" instead of zero, when the parameter is zero. However, for small values of the parameter (ex: 1 or 2) the computation results in a zero being stored anyway. This patch checks for the parameter being small enough for the computation to result in zero instead, so that a zero is never stored. key values which result in zero being stored: x86-64: 1..7 (or other 64-bit) i686: 1..11 armhfp: 1..3 (or other 32-bit) Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Diffstat (limited to 'malloc')
-rw-r--r-- | malloc/malloc.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/malloc/malloc.c b/malloc/malloc.c index 6acb5ad43a..ee87ddbbf9 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -1632,7 +1632,7 @@ static INTERNAL_SIZE_T global_max_fast; */ #define set_max_fast(s) \ - global_max_fast = (((s) == 0) \ + global_max_fast = (((size_t) (s) <= MALLOC_ALIGN_MASK - SIZE_SZ) \ ? MIN_CHUNK_SIZE / 2 : ((s + SIZE_SZ) & ~MALLOC_ALIGN_MASK)) static inline INTERNAL_SIZE_T |