previously, calloc's implementation encoded assumptions about the
implementation of malloc, accessing a size_t word just prior to the
allocated memory to determine if it was obtained by mmap to optimize
out the zero-filling. when __simple_malloc is used (static linking a
program with no realloc/free), it doesn't matter if the result of this
check is wrong, since all allocations are zero-initialized anyway. but
the access could be invalid if it crosses a page boundary or if the
pointer is not sufficiently aligned, which can happen for very small
allocations.
this patch fixes the issue by moving the zero-fill logic into malloc.c
with the full malloc, as a new function named __malloc0, which is
provided by a weak alias to __simple_malloc (which always gives
zero-filled memory) when the full malloc is not in use.
#include <stdlib.h>
#include <errno.h>
+void *__malloc0(size_t);
+
void *calloc(size_t m, size_t n)
{
- void *p;
- size_t *z;
if (n && m > (size_t)-1/n) {
errno = ENOMEM;
return 0;
}
- n *= m;
- p = malloc(n);
- if (!p) return 0;
- /* Only do this for non-mmapped chunks */
- if (((size_t *)p)[-1] & 7) {
- /* Only write words that are not already zero */
- m = (n + sizeof *z - 1)/sizeof *z;
- for (z=p; m; m--, z++) if (*z) *z=0;
- }
- return p;
+ return __malloc0(n * m);
}
}
weak_alias(__simple_malloc, malloc);
+weak_alias(__simple_malloc, malloc0);
return CHUNK_TO_MEM(c);
}
+void *__malloc0(size_t n)
+{
+ void *p = malloc(n);
+ if (p && !IS_MMAPPED(MEM_TO_CHUNK(p))) {
+ size_t *z;
+ n = (n + sizeof *z - 1)/sizeof *z;
+ for (z=p; n; n--, z++) if (*z) *z=0;
+ }
+ return p;
+}
+
void *realloc(void *p, size_t n)
{
struct chunk *self, *next;
projects / musl / commitdiff