X-Git-Url: http://nsz.repo.hu/git/?a=blobdiff_plain;ds=inline;f=src%2Fmalloc%2Fmalloc.c;h=d6ad90414fc799f861ed58500d56b62b611ffa6e;hb=0a8d98285f46f721dabf38485df916c02d6a4675;hp=88a31ae4f5b0293d3afb73c931f6d828f9d891c9;hpb=afd209deb7d3bfc9cc31713e2cb8f22693ca6fae;p=musl
diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c
index 88a31ae4..d6ad9041 100644
--- a/src/malloc/malloc.c
+++ b/src/malloc/malloc.c
@@ -64,28 +64,27 @@ static struct {
 static inline void lock(volatile int *lk)
 {
- if (!libc.threads_minus_1) return;
- while(a_swap(lk, 1)) __wait(lk, lk+1, 1, 1);
+ if (libc.threads_minus_1)
+ while(a_swap(lk, 1)) __wait(lk, lk+1, 1, 1);
 }
 static inline void unlock(volatile int *lk)
 {
- if (!libc.threads_minus_1) return;
- a_store(lk, 0);
- if (lk[1]) __wake(lk, 1, 1);
+ if (lk[0]) {
+ a_store(lk, 0);
+ if (lk[1]) __wake(lk, 1, 1);
+ }
 }
 static inline void lock_bin(int i)
 {
- if (libc.threads_minus_1)
- lock(mal.bins[i].lock);
+ lock(mal.bins[i].lock);
 if (!mal.bins[i].head)
 mal.bins[i].head = mal.bins[i].tail = BIN_TO_CHUNK(i);
 }
 static inline void unlock_bin(int i)
 {
- if (!libc.threads_minus_1) return;
 unlock(mal.bins[i].lock);
 }
@@ -178,6 +177,7 @@ static struct chunk *expand_heap(size_t n)
 return w;
 fail:
 unlock(mal.brk_lock);
+ errno = ENOMEM;
 return 0;
 }
@@ -196,7 +196,11 @@ static int init_malloc(size_t n)
 return 0;
 }
- mal.brk = __brk(0) + 2*SIZE_ALIGN-1 & -SIZE_ALIGN;
+ mal.brk = __brk(0);
+#ifdef SHARED
+ mal.brk = mal.brk + PAGE_SIZE-1 & -PAGE_SIZE;
+#endif
+ mal.brk = mal.brk + 2*SIZE_ALIGN-1 & -SIZE_ALIGN;
 c = expand_heap(n);
@@ -414,6 +418,9 @@ void *realloc(void *p, size_t n)
 next = NEXT_CHUNK(self);
+ /* Crash on corrupted footer (likely from buffer overflow) */
+ if (next->psize != self->csize) a_crash();
+
 /* Merge adjacent chunks if we need more space. This is not
 * a waste of time even if we fail to get enough space, because our
 * subsequent call to free would otherwise have to do the merge. */
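Review bot: unlock() now decides from `lk[0]` while lock() still decides from `libc.threads_minus_1`, and nothing in the hunk explains why the two tests differ. If the intent is that a lock which was actually taken must be released even when the thread count has changed in the meantime (an inference, since the commit message is not on this page), that invariant deserves a comment above `if (lk[0]) {`, for example `/* release only if lock() really took it; the thread count may have changed since */`. The unbraced `if (libc.threads_minus_1)` followed by a `while` in lock() would also be less fragile with braces around the loop, because a later edit that adds a second statement would silently fall outside the condition.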
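Review bot: The new rounding line `mal.brk = mal.brk + PAGE_SIZE-1 & -PAGE_SIZE;` in init_malloc is only correct if PAGE_SIZE has a signed type or one at least as wide as `mal.brk`; with a narrower unsigned definition, `-PAGE_SIZE` would zero-extend and the mask would clear the upper address bits. PAGE_SIZE is defined outside this hunk, so this needs checking against the header; converting the constant to the type of `mal.brk` before negating would remove the dependency. Parenthesising the sum, as in `(mal.brk + PAGE_SIZE-1) & -PAGE_SIZE`, would also make the intended precedence explicit here and on the SIZE_ALIGN line. The `#ifdef SHARED` block carries no comment saying why the break must be page-aligned only in that configuration; init_malloc's body starts and ends outside the hunk.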
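Review bot: The footer check added to realloc reads `next->psize`, but `next` is computed by NEXT_CHUNK from the same `self->csize` it is compared against, so the test is a consistency check between two size fields rather than an independent canary, and the comment should say so. A wording such as `/* Invariant: csize is mirrored in the next chunk's psize; a mismatch means heap metadata was overwritten */` states what is verified and what is not. The same two lines are added verbatim in free() (the hunk at -467), so a small `static inline` helper taking `self` and `next` would keep the two copies from drifting apart. It is also worth confirming that the check cannot be reached for mmapped chunks, which may have no following chunk; that part of realloc is outside the hunk.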
@@ -467,6 +474,9 @@ void free(void *p)
 final_size = new_size = CHUNK_SIZE(self);
 next = NEXT_CHUNK(self);
+ /* Crash on corrupted footer (likely from buffer overflow) */
+ if (next->psize != self->csize) a_crash();
+
 for (;;) {
 /* Replace middle of large chunks with fresh zero pages */
 if (reclaim && (self->psize & next->csize & C_INUSE)) {