about summary refs log tree commit diff
path: root/malloc
diff options
context:
space:
mode:
authorDJ Delorie <dj@redhat.com>2020-04-04 01:44:56 -0400
committerDJ Delorie <dj@redhat.com>2020-04-06 16:27:53 -0400
commitb9cde4e3aa1ff338da7064daf1386b2f4a7351ba (patch)
treeaeb6c2e6b1878334bc18cb8729f16d0e3a1da3e3 /malloc
parent4531ba8ebfedf97a31834201eaaf71c375793de2 (diff)
downloadglibc-b9cde4e3aa1ff338da7064daf1386b2f4a7351ba.tar.gz
glibc-b9cde4e3aa1ff338da7064daf1386b2f4a7351ba.tar.xz
glibc-b9cde4e3aa1ff338da7064daf1386b2f4a7351ba.zip
malloc: ensure set_max_fast never stores zero [BZ #25733]
The code for set_max_fast() stores an "impossibly small value"
instead of zero, when the parameter is zero.  However, for
small values of the parameter (ex: 1 or 2) the computation
results in a zero being stored anyway.

This patch checks for the parameter being small enough for the
computation to result in zero instead, so that a zero is never
stored.

key values which result in zero being stored:

x86-64:  1..7  (or other 64-bit)
i686:    1..11
armhfp:  1..3  (or other 32-bit)

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Diffstat (limited to 'malloc')
-rw-r--r--malloc/malloc.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 6acb5ad43a..ee87ddbbf9 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -1632,7 +1632,7 @@ static INTERNAL_SIZE_T global_max_fast;
  */
 
 #define set_max_fast(s) \
-  global_max_fast = (((s) == 0)						      \
+  global_max_fast = (((size_t) (s) <= MALLOC_ALIGN_MASK - SIZE_SZ)	\
                      ? MIN_CHUNK_SIZE / 2 : ((s + SIZE_SZ) & ~MALLOC_ALIGN_MASK))
 
 static inline INTERNAL_SIZE_T