From ba819787ee93ceae94efd274f7849e317c1bff58 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Mon, 22 Jun 2015 18:50:09 +0000 Subject: fix calloc when __simple_malloc implementation is used previously, calloc's implementation encoded assumptions about the implementation of malloc, accessing a size_t word just prior to the allocated memory to determine if it was obtained by mmap to optimize out the zero-filling. when __simple_malloc is used (static linking a program with no realloc/free), it doesn't matter if the result of this check is wrong, since all allocations are zero-initialized anyway. but the access could be invalid if it crosses a page boundary or if the pointer is not sufficiently aligned, which can happen for very small allocations. this patch fixes the issue by moving the zero-fill logic into malloc.c with the full malloc, as a new function named __malloc0, which is provided by a weak alias to __simple_malloc (which always gives zero-filled memory) when the full malloc is not in use. --- src/malloc/calloc.c | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) (limited to 'src/malloc/calloc.c') diff --git a/src/malloc/calloc.c b/src/malloc/calloc.c index c3dfb473..436c0b03 100644 --- a/src/malloc/calloc.c +++ b/src/malloc/calloc.c @@ -1,22 +1,13 @@ #include #include +void *__malloc0(size_t); + void *calloc(size_t m, size_t n) { - void *p; - size_t *z; if (n && m > (size_t)-1/n) { errno = ENOMEM; return 0; } - n *= m; - p = malloc(n); - if (!p) return 0; - /* Only do this for non-mmapped chunks */ - if (((size_t *)p)[-1] & 7) { - /* Only write words that are not already zero */ - m = (n + sizeof *z - 1)/sizeof *z; - for (z=p; m; m--, z++) if (*z) *z=0; - } - return p; + return __malloc0(n * m); } -- cgit 1.4.1