1996-12-08 16:01:13 +08:00
|
|
|
/* Prototypes and definition for malloc implementation.
|
2019-01-01 08:11:28 +08:00
|
|
|
Copyright (C) 1996-2019 Free Software Foundation, Inc.
|
1996-12-08 16:01:13 +08:00
|
|
|
This file is part of the GNU C Library.
|
|
|
|
|
|
|
|
The GNU C Library is free software; you can redistribute it and/or
|
2001-07-06 12:58:11 +08:00
|
|
|
modify it under the terms of the GNU Lesser General Public
|
|
|
|
License as published by the Free Software Foundation; either
|
|
|
|
version 2.1 of the License, or (at your option) any later version.
|
1996-12-08 16:01:13 +08:00
|
|
|
|
|
|
|
The GNU C Library is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
2001-07-06 12:58:11 +08:00
|
|
|
Lesser General Public License for more details.
|
1996-12-08 16:01:13 +08:00
|
|
|
|
2001-07-06 12:58:11 +08:00
|
|
|
You should have received a copy of the GNU Lesser General Public
|
2012-02-10 07:18:22 +08:00
|
|
|
License along with the GNU C Library; if not, see
|
|
|
|
<http://www.gnu.org/licenses/>. */
|
1996-12-08 16:01:13 +08:00
|
|
|
|
|
|
|
#ifndef _MALLOC_H
|
1996-12-10 11:08:06 +08:00
|
|
|
#define _MALLOC_H 1
|
1996-12-08 16:01:13 +08:00
|
|
|
|
1999-06-19 17:58:37 +08:00
|
|
|
#include <features.h>
|
2005-01-12 09:56:21 +08:00
|
|
|
#include <stddef.h>
|
2009-04-09 13:45:42 +08:00
|
|
|
#include <stdio.h>
|
1996-12-08 16:01:13 +08:00
|
|
|
|
2013-01-07 23:00:47 +08:00
|
|
|
#ifdef _LIBC
|
2011-05-30 08:40:08 +08:00
|
|
|
# define __MALLOC_HOOK_VOLATILE
|
2013-01-07 23:00:47 +08:00
|
|
|
# define __MALLOC_DEPRECATED
|
|
|
|
#else
|
|
|
|
# define __MALLOC_HOOK_VOLATILE volatile
|
2011-05-30 09:10:23 +08:00
|
|
|
# define __MALLOC_DEPRECATED __attribute_deprecated__
|
2013-01-07 23:00:47 +08:00
|
|
|
#endif
|
1996-12-08 16:01:13 +08:00
|
|
|
|
|
|
|
|
2005-01-12 09:56:21 +08:00
|
|
|
__BEGIN_DECLS
|
1996-12-08 16:01:13 +08:00
|
|
|
|
|
|
|
/* Allocate SIZE bytes of memory. */
|
malloc: make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)
As discussed previously on libc-alpha [1], this patch follows up the idea
and add both the __attribute_alloc_size__ on malloc functions (malloc,
calloc, realloc, reallocarray, valloc, pvalloc, and memalign) and limit
maximum requested allocation size to up PTRDIFF_MAX (taking into
consideration internal padding and alignment).
This aligns glibc with gcc expected size defined by default warning
-Walloc-size-larger-than value which warns for allocation larger than
PTRDIFF_MAX. It also aligns with gcc expectation regarding libc and
expected size, such as described in PR#67999 [2] and previously discussed
ISO C11 issues [3] on libc-alpha.
From the RFC thread [4] and previous discussion, it seems that consensus
is only to limit such requested size for malloc functions, not the system
allocation one (mmap, sbrk, etc.).
The implementation changes checked_request2size to check for both overflow
and maximum object size up to PTRDIFF_MAX. No additional checks are done
on sysmalloc, so it can still issue mmap with values larger than
PTRDIFF_T depending on the requested size.
The __attribute_alloc_size__ is for functions that return a pointer only,
which means it cannot be applied to posix_memalign (see remarks in GCC
PR#87683 [5]). The runtimes checks to limit maximum requested allocation
size does applies to posix_memalign.
Checked on x86_64-linux-gnu and i686-linux-gnu.
[1] https://sourceware.org/ml/libc-alpha/2018-11/msg00223.html
[2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=67999
[3] https://sourceware.org/ml/libc-alpha/2011-12/msg00066.html
[4] https://sourceware.org/ml/libc-alpha/2018-11/msg00224.html
[5] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87683
[BZ #23741]
* malloc/hooks.c (malloc_check, realloc_check): Use
__builtin_add_overflow on overflow check and adapt to
checked_request2size change.
* malloc/malloc.c (__libc_malloc, __libc_realloc, _mid_memalign,
__libc_pvalloc, __libc_calloc, _int_memalign): Limit maximum
allocation size to PTRDIFF_MAX.
(REQUEST_OUT_OF_RANGE): Remove macro.
(checked_request2size): Change to inline function and limit maximum
requested size to PTRDIFF_MAX.
(__libc_malloc, __libc_realloc, _int_malloc, _int_memalign): Limit
maximum allocation size to PTRDIFF_MAX.
(_mid_memalign): Use _int_memalign call for overflow check.
(__libc_pvalloc): Use __builtin_add_overflow on overflow check.
(__libc_calloc): Use __builtin_mul_overflow for overflow check and
limit maximum requested size to PTRDIFF_MAX.
* malloc/malloc.h (malloc, calloc, realloc, reallocarray, memalign,
valloc, pvalloc): Add __attribute_alloc_size__.
* stdlib/stdlib.h (malloc, realloc, reallocarray, valloc): Likewise.
* malloc/tst-malloc-too-large.c (do_test): Add check for allocation
larger than PTRDIFF_MAX.
* malloc/tst-memalign.c (do_test): Disable -Walloc-size-larger-than=
around tests of malloc with negative sizes.
* malloc/tst-posix_memalign.c (do_test): Likewise.
* malloc/tst-pvalloc.c (do_test): Likewise.
* malloc/tst-valloc.c (do_test): Likewise.
* malloc/tst-reallocarray.c (do_test): Replace call to reallocarray
with resulting size allocation larger than PTRDIFF_MAX with
reallocarray_nowarn.
(reallocarray_nowarn): New function.
* NEWS: Mention the malloc function semantic change.
2018-12-19 02:30:56 +08:00
|
|
|
extern void *malloc (size_t __size) __THROW __attribute_malloc__
|
|
|
|
__attribute_alloc_size__ ((1)) __wur;
|
1996-12-08 16:01:13 +08:00
|
|
|
|
|
|
|
/* Allocate NMEMB elements of SIZE bytes each, all initialized to 0. */
|
2011-05-30 08:40:08 +08:00
|
|
|
extern void *calloc (size_t __nmemb, size_t __size)
|
malloc: make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)
As discussed previously on libc-alpha [1], this patch follows up the idea
and add both the __attribute_alloc_size__ on malloc functions (malloc,
calloc, realloc, reallocarray, valloc, pvalloc, and memalign) and limit
maximum requested allocation size to up PTRDIFF_MAX (taking into
consideration internal padding and alignment).
This aligns glibc with gcc expected size defined by default warning
-Walloc-size-larger-than value which warns for allocation larger than
PTRDIFF_MAX. It also aligns with gcc expectation regarding libc and
expected size, such as described in PR#67999 [2] and previously discussed
ISO C11 issues [3] on libc-alpha.
From the RFC thread [4] and previous discussion, it seems that consensus
is only to limit such requested size for malloc functions, not the system
allocation one (mmap, sbrk, etc.).
The implementation changes checked_request2size to check for both overflow
and maximum object size up to PTRDIFF_MAX. No additional checks are done
on sysmalloc, so it can still issue mmap with values larger than
PTRDIFF_T depending on the requested size.
The __attribute_alloc_size__ is for functions that return a pointer only,
which means it cannot be applied to posix_memalign (see remarks in GCC
PR#87683 [5]). The runtimes checks to limit maximum requested allocation
size does applies to posix_memalign.
Checked on x86_64-linux-gnu and i686-linux-gnu.
[1] https://sourceware.org/ml/libc-alpha/2018-11/msg00223.html
[2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=67999
[3] https://sourceware.org/ml/libc-alpha/2011-12/msg00066.html
[4] https://sourceware.org/ml/libc-alpha/2018-11/msg00224.html
[5] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87683
[BZ #23741]
* malloc/hooks.c (malloc_check, realloc_check): Use
__builtin_add_overflow on overflow check and adapt to
checked_request2size change.
* malloc/malloc.c (__libc_malloc, __libc_realloc, _mid_memalign,
__libc_pvalloc, __libc_calloc, _int_memalign): Limit maximum
allocation size to PTRDIFF_MAX.
(REQUEST_OUT_OF_RANGE): Remove macro.
(checked_request2size): Change to inline function and limit maximum
requested size to PTRDIFF_MAX.
(__libc_malloc, __libc_realloc, _int_malloc, _int_memalign): Limit
maximum allocation size to PTRDIFF_MAX.
(_mid_memalign): Use _int_memalign call for overflow check.
(__libc_pvalloc): Use __builtin_add_overflow on overflow check.
(__libc_calloc): Use __builtin_mul_overflow for overflow check and
limit maximum requested size to PTRDIFF_MAX.
* malloc/malloc.h (malloc, calloc, realloc, reallocarray, memalign,
valloc, pvalloc): Add __attribute_alloc_size__.
* stdlib/stdlib.h (malloc, realloc, reallocarray, valloc): Likewise.
* malloc/tst-malloc-too-large.c (do_test): Add check for allocation
larger than PTRDIFF_MAX.
* malloc/tst-memalign.c (do_test): Disable -Walloc-size-larger-than=
around tests of malloc with negative sizes.
* malloc/tst-posix_memalign.c (do_test): Likewise.
* malloc/tst-pvalloc.c (do_test): Likewise.
* malloc/tst-valloc.c (do_test): Likewise.
* malloc/tst-reallocarray.c (do_test): Replace call to reallocarray
with resulting size allocation larger than PTRDIFF_MAX with
reallocarray_nowarn.
(reallocarray_nowarn): New function.
* NEWS: Mention the malloc function semantic change.
2018-12-19 02:30:56 +08:00
|
|
|
__THROW __attribute_malloc__ __attribute_alloc_size__ ((1, 2)) __wur;
|
1996-12-08 16:01:13 +08:00
|
|
|
|
|
|
|
/* Re-allocate the previously allocated block in __ptr, making the new
|
|
|
|
block SIZE bytes long. */
|
2007-07-20 01:05:14 +08:00
|
|
|
/* __attribute_malloc__ is not used, because if realloc returns
|
|
|
|
the same pointer that was passed to it, aliasing needs to be allowed
|
|
|
|
between objects pointed by the old and new pointers. */
|
2011-05-30 08:40:08 +08:00
|
|
|
extern void *realloc (void *__ptr, size_t __size)
|
malloc: make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)
As discussed previously on libc-alpha [1], this patch follows up the idea
and add both the __attribute_alloc_size__ on malloc functions (malloc,
calloc, realloc, reallocarray, valloc, pvalloc, and memalign) and limit
maximum requested allocation size to up PTRDIFF_MAX (taking into
consideration internal padding and alignment).
This aligns glibc with gcc expected size defined by default warning
-Walloc-size-larger-than value which warns for allocation larger than
PTRDIFF_MAX. It also aligns with gcc expectation regarding libc and
expected size, such as described in PR#67999 [2] and previously discussed
ISO C11 issues [3] on libc-alpha.
From the RFC thread [4] and previous discussion, it seems that consensus
is only to limit such requested size for malloc functions, not the system
allocation one (mmap, sbrk, etc.).
The implementation changes checked_request2size to check for both overflow
and maximum object size up to PTRDIFF_MAX. No additional checks are done
on sysmalloc, so it can still issue mmap with values larger than
PTRDIFF_T depending on the requested size.
The __attribute_alloc_size__ is for functions that return a pointer only,
which means it cannot be applied to posix_memalign (see remarks in GCC
PR#87683 [5]). The runtimes checks to limit maximum requested allocation
size does applies to posix_memalign.
Checked on x86_64-linux-gnu and i686-linux-gnu.
[1] https://sourceware.org/ml/libc-alpha/2018-11/msg00223.html
[2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=67999
[3] https://sourceware.org/ml/libc-alpha/2011-12/msg00066.html
[4] https://sourceware.org/ml/libc-alpha/2018-11/msg00224.html
[5] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87683
[BZ #23741]
* malloc/hooks.c (malloc_check, realloc_check): Use
__builtin_add_overflow on overflow check and adapt to
checked_request2size change.
* malloc/malloc.c (__libc_malloc, __libc_realloc, _mid_memalign,
__libc_pvalloc, __libc_calloc, _int_memalign): Limit maximum
allocation size to PTRDIFF_MAX.
(REQUEST_OUT_OF_RANGE): Remove macro.
(checked_request2size): Change to inline function and limit maximum
requested size to PTRDIFF_MAX.
(__libc_malloc, __libc_realloc, _int_malloc, _int_memalign): Limit
maximum allocation size to PTRDIFF_MAX.
(_mid_memalign): Use _int_memalign call for overflow check.
(__libc_pvalloc): Use __builtin_add_overflow on overflow check.
(__libc_calloc): Use __builtin_mul_overflow for overflow check and
limit maximum requested size to PTRDIFF_MAX.
* malloc/malloc.h (malloc, calloc, realloc, reallocarray, memalign,
valloc, pvalloc): Add __attribute_alloc_size__.
* stdlib/stdlib.h (malloc, realloc, reallocarray, valloc): Likewise.
* malloc/tst-malloc-too-large.c (do_test): Add check for allocation
larger than PTRDIFF_MAX.
* malloc/tst-memalign.c (do_test): Disable -Walloc-size-larger-than=
around tests of malloc with negative sizes.
* malloc/tst-posix_memalign.c (do_test): Likewise.
* malloc/tst-pvalloc.c (do_test): Likewise.
* malloc/tst-valloc.c (do_test): Likewise.
* malloc/tst-reallocarray.c (do_test): Replace call to reallocarray
with resulting size allocation larger than PTRDIFF_MAX with
reallocarray_nowarn.
(reallocarray_nowarn): New function.
* NEWS: Mention the malloc function semantic change.
2018-12-19 02:30:56 +08:00
|
|
|
__THROW __attribute_warn_unused_result__ __attribute_alloc_size__ ((2));
|
1996-12-08 16:01:13 +08:00
|
|
|
|
2017-05-31 05:26:19 +08:00
|
|
|
/* Re-allocate the previously allocated block in PTR, making the new
|
|
|
|
block large enough for NMEMB elements of SIZE bytes each. */
|
|
|
|
/* __attribute_malloc__ is not used, because if reallocarray returns
|
|
|
|
the same pointer that was passed to it, aliasing needs to be allowed
|
|
|
|
between objects pointed by the old and new pointers. */
|
|
|
|
extern void *reallocarray (void *__ptr, size_t __nmemb, size_t __size)
|
malloc: make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)
As discussed previously on libc-alpha [1], this patch follows up the idea
and add both the __attribute_alloc_size__ on malloc functions (malloc,
calloc, realloc, reallocarray, valloc, pvalloc, and memalign) and limit
maximum requested allocation size to up PTRDIFF_MAX (taking into
consideration internal padding and alignment).
This aligns glibc with gcc expected size defined by default warning
-Walloc-size-larger-than value which warns for allocation larger than
PTRDIFF_MAX. It also aligns with gcc expectation regarding libc and
expected size, such as described in PR#67999 [2] and previously discussed
ISO C11 issues [3] on libc-alpha.
From the RFC thread [4] and previous discussion, it seems that consensus
is only to limit such requested size for malloc functions, not the system
allocation one (mmap, sbrk, etc.).
The implementation changes checked_request2size to check for both overflow
and maximum object size up to PTRDIFF_MAX. No additional checks are done
on sysmalloc, so it can still issue mmap with values larger than
PTRDIFF_T depending on the requested size.
The __attribute_alloc_size__ is for functions that return a pointer only,
which means it cannot be applied to posix_memalign (see remarks in GCC
PR#87683 [5]). The runtimes checks to limit maximum requested allocation
size does applies to posix_memalign.
Checked on x86_64-linux-gnu and i686-linux-gnu.
[1] https://sourceware.org/ml/libc-alpha/2018-11/msg00223.html
[2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=67999
[3] https://sourceware.org/ml/libc-alpha/2011-12/msg00066.html
[4] https://sourceware.org/ml/libc-alpha/2018-11/msg00224.html
[5] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87683
[BZ #23741]
* malloc/hooks.c (malloc_check, realloc_check): Use
__builtin_add_overflow on overflow check and adapt to
checked_request2size change.
* malloc/malloc.c (__libc_malloc, __libc_realloc, _mid_memalign,
__libc_pvalloc, __libc_calloc, _int_memalign): Limit maximum
allocation size to PTRDIFF_MAX.
(REQUEST_OUT_OF_RANGE): Remove macro.
(checked_request2size): Change to inline function and limit maximum
requested size to PTRDIFF_MAX.
(__libc_malloc, __libc_realloc, _int_malloc, _int_memalign): Limit
maximum allocation size to PTRDIFF_MAX.
(_mid_memalign): Use _int_memalign call for overflow check.
(__libc_pvalloc): Use __builtin_add_overflow on overflow check.
(__libc_calloc): Use __builtin_mul_overflow for overflow check and
limit maximum requested size to PTRDIFF_MAX.
* malloc/malloc.h (malloc, calloc, realloc, reallocarray, memalign,
valloc, pvalloc): Add __attribute_alloc_size__.
* stdlib/stdlib.h (malloc, realloc, reallocarray, valloc): Likewise.
* malloc/tst-malloc-too-large.c (do_test): Add check for allocation
larger than PTRDIFF_MAX.
* malloc/tst-memalign.c (do_test): Disable -Walloc-size-larger-than=
around tests of malloc with negative sizes.
* malloc/tst-posix_memalign.c (do_test): Likewise.
* malloc/tst-pvalloc.c (do_test): Likewise.
* malloc/tst-valloc.c (do_test): Likewise.
* malloc/tst-reallocarray.c (do_test): Replace call to reallocarray
with resulting size allocation larger than PTRDIFF_MAX with
reallocarray_nowarn.
(reallocarray_nowarn): New function.
* NEWS: Mention the malloc function semantic change.
2018-12-19 02:30:56 +08:00
|
|
|
__THROW __attribute_warn_unused_result__ __attribute_alloc_size__ ((2, 3));
|
2017-05-31 05:26:19 +08:00
|
|
|
|
1996-12-08 16:01:13 +08:00
|
|
|
/* Free a block allocated by `malloc', `realloc' or `calloc'. */
|
2011-05-30 08:40:08 +08:00
|
|
|
extern void free (void *__ptr) __THROW;
|
1996-12-08 16:01:13 +08:00
|
|
|
|
|
|
|
/* Allocate SIZE bytes allocated to ALIGNMENT bytes. */
|
2011-05-30 08:40:08 +08:00
|
|
|
extern void *memalign (size_t __alignment, size_t __size)
|
malloc: make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)
As discussed previously on libc-alpha [1], this patch follows up the idea
and add both the __attribute_alloc_size__ on malloc functions (malloc,
calloc, realloc, reallocarray, valloc, pvalloc, and memalign) and limit
maximum requested allocation size to up PTRDIFF_MAX (taking into
consideration internal padding and alignment).
This aligns glibc with gcc expected size defined by default warning
-Walloc-size-larger-than value which warns for allocation larger than
PTRDIFF_MAX. It also aligns with gcc expectation regarding libc and
expected size, such as described in PR#67999 [2] and previously discussed
ISO C11 issues [3] on libc-alpha.
From the RFC thread [4] and previous discussion, it seems that consensus
is only to limit such requested size for malloc functions, not the system
allocation one (mmap, sbrk, etc.).
The implementation changes checked_request2size to check for both overflow
and maximum object size up to PTRDIFF_MAX. No additional checks are done
on sysmalloc, so it can still issue mmap with values larger than
PTRDIFF_T depending on the requested size.
The __attribute_alloc_size__ is for functions that return a pointer only,
which means it cannot be applied to posix_memalign (see remarks in GCC
PR#87683 [5]). The runtimes checks to limit maximum requested allocation
size does applies to posix_memalign.
Checked on x86_64-linux-gnu and i686-linux-gnu.
[1] https://sourceware.org/ml/libc-alpha/2018-11/msg00223.html
[2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=67999
[3] https://sourceware.org/ml/libc-alpha/2011-12/msg00066.html
[4] https://sourceware.org/ml/libc-alpha/2018-11/msg00224.html
[5] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87683
[BZ #23741]
* malloc/hooks.c (malloc_check, realloc_check): Use
__builtin_add_overflow on overflow check and adapt to
checked_request2size change.
* malloc/malloc.c (__libc_malloc, __libc_realloc, _mid_memalign,
__libc_pvalloc, __libc_calloc, _int_memalign): Limit maximum
allocation size to PTRDIFF_MAX.
(REQUEST_OUT_OF_RANGE): Remove macro.
(checked_request2size): Change to inline function and limit maximum
requested size to PTRDIFF_MAX.
(__libc_malloc, __libc_realloc, _int_malloc, _int_memalign): Limit
maximum allocation size to PTRDIFF_MAX.
(_mid_memalign): Use _int_memalign call for overflow check.
(__libc_pvalloc): Use __builtin_add_overflow on overflow check.
(__libc_calloc): Use __builtin_mul_overflow for overflow check and
limit maximum requested size to PTRDIFF_MAX.
* malloc/malloc.h (malloc, calloc, realloc, reallocarray, memalign,
valloc, pvalloc): Add __attribute_alloc_size__.
* stdlib/stdlib.h (malloc, realloc, reallocarray, valloc): Likewise.
* malloc/tst-malloc-too-large.c (do_test): Add check for allocation
larger than PTRDIFF_MAX.
* malloc/tst-memalign.c (do_test): Disable -Walloc-size-larger-than=
around tests of malloc with negative sizes.
* malloc/tst-posix_memalign.c (do_test): Likewise.
* malloc/tst-pvalloc.c (do_test): Likewise.
* malloc/tst-valloc.c (do_test): Likewise.
* malloc/tst-reallocarray.c (do_test): Replace call to reallocarray
with resulting size allocation larger than PTRDIFF_MAX with
reallocarray_nowarn.
(reallocarray_nowarn): New function.
* NEWS: Mention the malloc function semantic change.
2018-12-19 02:30:56 +08:00
|
|
|
__THROW __attribute_malloc__ __attribute_alloc_size__ ((2)) __wur;
|
1996-12-08 16:01:13 +08:00
|
|
|
|
|
|
|
/* Allocate SIZE bytes on a page boundary. */
|
malloc: make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)
As discussed previously on libc-alpha [1], this patch follows up the idea
and add both the __attribute_alloc_size__ on malloc functions (malloc,
calloc, realloc, reallocarray, valloc, pvalloc, and memalign) and limit
maximum requested allocation size to up PTRDIFF_MAX (taking into
consideration internal padding and alignment).
This aligns glibc with gcc expected size defined by default warning
-Walloc-size-larger-than value which warns for allocation larger than
PTRDIFF_MAX. It also aligns with gcc expectation regarding libc and
expected size, such as described in PR#67999 [2] and previously discussed
ISO C11 issues [3] on libc-alpha.
From the RFC thread [4] and previous discussion, it seems that consensus
is only to limit such requested size for malloc functions, not the system
allocation one (mmap, sbrk, etc.).
The implementation changes checked_request2size to check for both overflow
and maximum object size up to PTRDIFF_MAX. No additional checks are done
on sysmalloc, so it can still issue mmap with values larger than
PTRDIFF_T depending on the requested size.
The __attribute_alloc_size__ is for functions that return a pointer only,
which means it cannot be applied to posix_memalign (see remarks in GCC
PR#87683 [5]). The runtimes checks to limit maximum requested allocation
size does applies to posix_memalign.
Checked on x86_64-linux-gnu and i686-linux-gnu.
[1] https://sourceware.org/ml/libc-alpha/2018-11/msg00223.html
[2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=67999
[3] https://sourceware.org/ml/libc-alpha/2011-12/msg00066.html
[4] https://sourceware.org/ml/libc-alpha/2018-11/msg00224.html
[5] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87683
[BZ #23741]
* malloc/hooks.c (malloc_check, realloc_check): Use
__builtin_add_overflow on overflow check and adapt to
checked_request2size change.
* malloc/malloc.c (__libc_malloc, __libc_realloc, _mid_memalign,
__libc_pvalloc, __libc_calloc, _int_memalign): Limit maximum
allocation size to PTRDIFF_MAX.
(REQUEST_OUT_OF_RANGE): Remove macro.
(checked_request2size): Change to inline function and limit maximum
requested size to PTRDIFF_MAX.
(__libc_malloc, __libc_realloc, _int_malloc, _int_memalign): Limit
maximum allocation size to PTRDIFF_MAX.
(_mid_memalign): Use _int_memalign call for overflow check.
(__libc_pvalloc): Use __builtin_add_overflow on overflow check.
(__libc_calloc): Use __builtin_mul_overflow for overflow check and
limit maximum requested size to PTRDIFF_MAX.
* malloc/malloc.h (malloc, calloc, realloc, reallocarray, memalign,
valloc, pvalloc): Add __attribute_alloc_size__.
* stdlib/stdlib.h (malloc, realloc, reallocarray, valloc): Likewise.
* malloc/tst-malloc-too-large.c (do_test): Add check for allocation
larger than PTRDIFF_MAX.
* malloc/tst-memalign.c (do_test): Disable -Walloc-size-larger-than=
around tests of malloc with negative sizes.
* malloc/tst-posix_memalign.c (do_test): Likewise.
* malloc/tst-pvalloc.c (do_test): Likewise.
* malloc/tst-valloc.c (do_test): Likewise.
* malloc/tst-reallocarray.c (do_test): Replace call to reallocarray
with resulting size allocation larger than PTRDIFF_MAX with
reallocarray_nowarn.
(reallocarray_nowarn): New function.
* NEWS: Mention the malloc function semantic change.
2018-12-19 02:30:56 +08:00
|
|
|
extern void *valloc (size_t __size) __THROW __attribute_malloc__
|
|
|
|
__attribute_alloc_size__ ((1)) __wur;
|
1996-12-08 16:01:13 +08:00
|
|
|
|
|
|
|
/* Equivalent to valloc(minimum-page-that-holds(n)), that is, round up
|
|
|
|
__size to nearest pagesize. */
|
malloc: make malloc fail with requests larger than PTRDIFF_MAX (BZ#23741)
As discussed previously on libc-alpha [1], this patch follows up the idea
and add both the __attribute_alloc_size__ on malloc functions (malloc,
calloc, realloc, reallocarray, valloc, pvalloc, and memalign) and limit
maximum requested allocation size to up PTRDIFF_MAX (taking into
consideration internal padding and alignment).
This aligns glibc with gcc expected size defined by default warning
-Walloc-size-larger-than value which warns for allocation larger than
PTRDIFF_MAX. It also aligns with gcc expectation regarding libc and
expected size, such as described in PR#67999 [2] and previously discussed
ISO C11 issues [3] on libc-alpha.
From the RFC thread [4] and previous discussion, it seems that consensus
is only to limit such requested size for malloc functions, not the system
allocation one (mmap, sbrk, etc.).
The implementation changes checked_request2size to check for both overflow
and maximum object size up to PTRDIFF_MAX. No additional checks are done
on sysmalloc, so it can still issue mmap with values larger than
PTRDIFF_T depending on the requested size.
The __attribute_alloc_size__ is for functions that return a pointer only,
which means it cannot be applied to posix_memalign (see remarks in GCC
PR#87683 [5]). The runtimes checks to limit maximum requested allocation
size does applies to posix_memalign.
Checked on x86_64-linux-gnu and i686-linux-gnu.
[1] https://sourceware.org/ml/libc-alpha/2018-11/msg00223.html
[2] https://gcc.gnu.org/bugzilla//show_bug.cgi?id=67999
[3] https://sourceware.org/ml/libc-alpha/2011-12/msg00066.html
[4] https://sourceware.org/ml/libc-alpha/2018-11/msg00224.html
[5] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87683
[BZ #23741]
* malloc/hooks.c (malloc_check, realloc_check): Use
__builtin_add_overflow on overflow check and adapt to
checked_request2size change.
* malloc/malloc.c (__libc_malloc, __libc_realloc, _mid_memalign,
__libc_pvalloc, __libc_calloc, _int_memalign): Limit maximum
allocation size to PTRDIFF_MAX.
(REQUEST_OUT_OF_RANGE): Remove macro.
(checked_request2size): Change to inline function and limit maximum
requested size to PTRDIFF_MAX.
(__libc_malloc, __libc_realloc, _int_malloc, _int_memalign): Limit
maximum allocation size to PTRDIFF_MAX.
(_mid_memalign): Use _int_memalign call for overflow check.
(__libc_pvalloc): Use __builtin_add_overflow on overflow check.
(__libc_calloc): Use __builtin_mul_overflow for overflow check and
limit maximum requested size to PTRDIFF_MAX.
* malloc/malloc.h (malloc, calloc, realloc, reallocarray, memalign,
valloc, pvalloc): Add __attribute_alloc_size__.
* stdlib/stdlib.h (malloc, realloc, reallocarray, valloc): Likewise.
* malloc/tst-malloc-too-large.c (do_test): Add check for allocation
larger than PTRDIFF_MAX.
* malloc/tst-memalign.c (do_test): Disable -Walloc-size-larger-than=
around tests of malloc with negative sizes.
* malloc/tst-posix_memalign.c (do_test): Likewise.
* malloc/tst-pvalloc.c (do_test): Likewise.
* malloc/tst-valloc.c (do_test): Likewise.
* malloc/tst-reallocarray.c (do_test): Replace call to reallocarray
with resulting size allocation larger than PTRDIFF_MAX with
reallocarray_nowarn.
(reallocarray_nowarn): New function.
* NEWS: Mention the malloc function semantic change.
2018-12-19 02:30:56 +08:00
|
|
|
extern void *pvalloc (size_t __size) __THROW __attribute_malloc__
|
|
|
|
__attribute_alloc_size__ ((1)) __wur;
|
1996-12-08 16:01:13 +08:00
|
|
|
|
|
|
|
/* Underlying allocation function; successive calls should return
|
|
|
|
contiguous pieces of memory. */
|
2011-05-30 08:40:08 +08:00
|
|
|
extern void *(*__morecore) (ptrdiff_t __size);
|
1996-12-08 16:01:13 +08:00
|
|
|
|
|
|
|
/* Default value of `__morecore'. */
|
2011-05-30 08:40:08 +08:00
|
|
|
extern void *__default_morecore (ptrdiff_t __size)
|
2014-01-02 16:38:18 +08:00
|
|
|
__THROW __attribute_malloc__;
|
1996-12-08 16:01:13 +08:00
|
|
|
|
|
|
|
/* SVID2/XPG mallinfo structure */
|
2002-01-29 15:54:51 +08:00
|
|
|
|
2011-05-30 08:40:08 +08:00
|
|
|
struct mallinfo
|
|
|
|
{
|
2002-01-29 15:54:51 +08:00
|
|
|
int arena; /* non-mmapped space allocated from system */
|
|
|
|
int ordblks; /* number of free chunks */
|
|
|
|
int smblks; /* number of fastbin blocks */
|
1996-12-08 16:01:13 +08:00
|
|
|
int hblks; /* number of mmapped regions */
|
2002-01-29 15:54:51 +08:00
|
|
|
int hblkhd; /* space in mmapped regions */
|
2016-02-20 00:07:04 +08:00
|
|
|
int usmblks; /* always 0, preserved for backwards compatibility */
|
2002-01-29 15:54:51 +08:00
|
|
|
int fsmblks; /* space available in freed fastbin blocks */
|
1996-12-08 16:01:13 +08:00
|
|
|
int uordblks; /* total allocated space */
|
2002-01-29 15:54:51 +08:00
|
|
|
int fordblks; /* total free space */
|
1996-12-08 16:01:13 +08:00
|
|
|
int keepcost; /* top-most, releasable (via malloc_trim) space */
|
|
|
|
};
|
|
|
|
|
|
|
|
/* Returns a copy of the updated current mallinfo. */
|
2011-05-30 08:40:08 +08:00
|
|
|
extern struct mallinfo mallinfo (void) __THROW;
|
1996-12-08 16:01:13 +08:00
|
|
|
|
|
|
|
/* SVID2/XPG mallopt options */
|
|
|
|
#ifndef M_MXFAST
|
2014-01-02 16:38:18 +08:00
|
|
|
# define M_MXFAST 1 /* maximum request size for "fastbins" */
|
1996-12-08 16:01:13 +08:00
|
|
|
#endif
|
|
|
|
#ifndef M_NLBLKS
|
2014-01-02 16:38:18 +08:00
|
|
|
# define M_NLBLKS 2 /* UNUSED in this malloc */
|
1996-12-08 16:01:13 +08:00
|
|
|
#endif
|
|
|
|
#ifndef M_GRAIN
|
2014-01-02 16:38:18 +08:00
|
|
|
# define M_GRAIN 3 /* UNUSED in this malloc */
|
1996-12-08 16:01:13 +08:00
|
|
|
#endif
|
|
|
|
#ifndef M_KEEP
|
2014-01-02 16:38:18 +08:00
|
|
|
# define M_KEEP 4 /* UNUSED in this malloc */
|
1996-12-08 16:01:13 +08:00
|
|
|
#endif
|
|
|
|
|
|
|
|
/* mallopt options that actually do something */
|
|
|
|
#define M_TRIM_THRESHOLD -1
|
|
|
|
#define M_TOP_PAD -2
|
|
|
|
#define M_MMAP_THRESHOLD -3
|
|
|
|
#define M_MMAP_MAX -4
|
update from main archive 961217
Wed Dec 18 03:31:58 1996 Ulrich Drepper <drepper@cygnus.com>
* dirent/scandir.c: Undo change from Mon Dec 2 15:32:15 1996.
The stream is private and usages outside glibc don't care about
reentrancy.
* io/fts.c: Likewise.
* io/ftw.c: Likewise.
* sysdeps/posix/getcwd.c: Likewise.
* sysdeps/posix/ttyname.c: Likewise.
* sysdeps/posix/ttyname_r.c: Likewise.
* sysdeps/posix/glob.c: Likewise.
* libio/iovsprintf.c: Add cast to prevent warning.
* libio/iovsscanf.c: Likewise.
* libio/libioP.h: Define mmap to __mmap and munmap to __munmap
to keep namespace clean.
* new-malloc/malloc.c: Update to last version from Wolfram Gloger.
Add hooks and check functions from old GNU malloc.
* new-malloc/malloc.h: Likewise.
* nis/ypclnt.c: Remove prototype for xdr_free.
* snrpc/rpc/xdr.h: Add prototype for xdr_free.
* manual/nss.texi: Correct description of default values and don't
meantion NSS as an add-on.
* nss/grp-lookup.c: Provide default value as
"compat [NOTFOUND=return] files".
* nss/pwd-lookup.c: Likewise.
* nss/spwd-lookup.c: Likewise.
* nss/network-lookup.c: Correct default to
"dns [!UNAVAIL=return] files".
* nss/nsswitch.c: Change default-default value to "nis
[NOTFOUND=return] files" since compat is only available for group,
passwd, and shadow.
* stdlib/on_exit.c (on_exit): Rename to __on_exit and make old name
a weak alias.
* stdlib/stdlib.h: Add prototype for __on_exit.
* sysdeps/unix/sysv/linux/schedbits.h: Add prototype for __clone.
* time/Makefile: Undo change from Sun Dec 8 06:56:49 1996.
The new malloc now has mcheck.
* time/ap.c: Likewise.
* time/tzset.c (__tzset): Rename to __tzset_internal.
(tzset): Rename to __tzset. Make tzset a weak alias for __tzset.
* time/localtime.c: Use __tzset_internal not __tzset.
* time/strftime.c [_LIBC]: Define tzname as __tzname and tzset
as __tzset to prevent namespace pollution.
* wctype/iswctype.h (icwctype): Rename to __iswctype. Make iswctype
a weak alias of __iswctype.
* wctype/wctype.h: Add prototype for __iswctype.
(iswalnum, iswalpha, iswcntrl, iswdigit, iswlower, iswgraph,
iswprint, iswpunct, iswspace, iswupper, iswxdigit, iswblank):
Use __iswctype for the test, not iswctype.
1996-12-16 Paul Eggert <eggert@twinsun.com>
* hurd/hurd/sigpreempt.h
(struct hurd_signal_preemptor.preemptor, _hurdsig_preemptors),
hurd/hurd/signal.h (struct hurd_sigstate.preemptors),
hurd/hurdfault.c, hurd/hurdfault.h (_hurdsig_fault_preemptor),
hurd/hurdsig.c (_hurdsig_preempters):
Renamed to fix spelling from `preempter' to `preemptor'.
All uses changed.
1996-12-15 Paul Eggert <eggert@twinsun.com>
* ctime.c (ctime): Return asctime (localtime (t)), as the C
standard requires.
Tue Dec 17 02:05:48 1996 Thomas Bushnell, n/BSG <thomas@gnu.ai.mit.edu>
* sysdeps/mach/libc-lock.h (__libc_lock_trylock): Invert return
value because Mach/cthreads uses the opposite convention from
Posix/glibc.
Mon Dec 16 22:41:01 1996 Ulrich Drepper <drepper@cygnus.com>
* stdio-common/fcloseall.c: Correct test of already_called.
Reported by Thomas Bushnell, n/BSG.
Mon Dec 16 14:52:07 1996 Thomas Bushnell, n/BSG <thomas@gnu.ai.mit.edu>
* mach/lock-intern.h (__mutex_try_lock): New function.
Sun Dec 15 16:33:44 1996 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* termios/sys/ttydefaults.h (TTYDEF_OFLAG): Only use OXTABS if
defined, else XTABS.
(CEOL, CSTATUS): Use _POSIX_VDISABLE if defined.
Sun Dec 15 11:56:19 1996 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* sysdeps/unix/sysv/linux/m68k/mremap.S: New file.
* sysdeps/unix/sysv/linux/m68k/Dist: Distribute it.
* sysdeps/unix/sysv/linux/m68k/Makefile (sysdep_routines): Add mremap.
1996-12-18 11:23:47 +08:00
|
|
|
#define M_CHECK_ACTION -5
|
2014-01-02 16:38:18 +08:00
|
|
|
#define M_PERTURB -6
|
|
|
|
#define M_ARENA_TEST -7
|
|
|
|
#define M_ARENA_MAX -8
|
1996-12-08 16:01:13 +08:00
|
|
|
|
|
|
|
/* General SVID/XPG interface to tunable parameters. */
|
2011-05-30 08:40:08 +08:00
|
|
|
extern int mallopt (int __param, int __val) __THROW;
|
1996-12-08 16:01:13 +08:00
|
|
|
|
|
|
|
/* Release all but __pad bytes of freed top-most memory back to the
|
|
|
|
system. Return 1 if successful, else 0. */
|
2011-05-30 08:40:08 +08:00
|
|
|
extern int malloc_trim (size_t __pad) __THROW;
|
1996-12-08 16:01:13 +08:00
|
|
|
|
|
|
|
/* Report the number of usable allocated bytes associated with allocated
|
|
|
|
chunk __ptr. */
|
2011-05-30 08:40:08 +08:00
|
|
|
extern size_t malloc_usable_size (void *__ptr) __THROW;
|
1996-12-08 16:01:13 +08:00
|
|
|
|
|
|
|
/* Prints brief summary statistics on stderr. */
|
2011-05-30 08:40:08 +08:00
|
|
|
extern void malloc_stats (void) __THROW;
|
1996-12-08 16:01:13 +08:00
|
|
|
|
2009-04-09 13:45:42 +08:00
|
|
|
/* Output information about state of allocator to stream FP. */
|
2011-05-30 08:40:08 +08:00
|
|
|
extern int malloc_info (int __options, FILE *__fp) __THROW;
|
2009-04-09 13:45:42 +08:00
|
|
|
|
1999-11-13 01:15:18 +08:00
|
|
|
/* Hooks for debugging and user-defined versions. */
|
2011-05-30 08:40:08 +08:00
|
|
|
extern void (*__MALLOC_HOOK_VOLATILE __free_hook) (void *__ptr,
|
2014-01-02 16:38:18 +08:00
|
|
|
const void *)
|
|
|
|
__MALLOC_DEPRECATED;
|
|
|
|
extern void *(*__MALLOC_HOOK_VOLATILE __malloc_hook)(size_t __size,
|
|
|
|
const void *)
|
|
|
|
__MALLOC_DEPRECATED;
|
|
|
|
extern void *(*__MALLOC_HOOK_VOLATILE __realloc_hook)(void *__ptr,
|
|
|
|
size_t __size,
|
|
|
|
const void *)
|
|
|
|
__MALLOC_DEPRECATED;
|
|
|
|
extern void *(*__MALLOC_HOOK_VOLATILE __memalign_hook)(size_t __alignment,
|
|
|
|
size_t __size,
|
|
|
|
const void *)
|
|
|
|
__MALLOC_DEPRECATED;
|
2011-05-30 08:40:08 +08:00
|
|
|
extern void (*__MALLOC_HOOK_VOLATILE __after_morecore_hook) (void);
|
update from main archive 961217
Wed Dec 18 03:31:58 1996 Ulrich Drepper <drepper@cygnus.com>
* dirent/scandir.c: Undo change from Mon Dec 2 15:32:15 1996.
The stream is private and usages outside glibc don't care about
reentrancy.
* io/fts.c: Likewise.
* io/ftw.c: Likewise.
* sysdeps/posix/getcwd.c: Likewise.
* sysdeps/posix/ttyname.c: Likewise.
* sysdeps/posix/ttyname_r.c: Likewise.
* sysdeps/posix/glob.c: Likewise.
* libio/iovsprintf.c: Add cast to prevent warning.
* libio/iovsscanf.c: Likewise.
* libio/libioP.h: Define mmap to __mmap and munmap to __munmap
to keep namespace clean.
* new-malloc/malloc.c: Update to last version from Wolfram Gloger.
Add hooks and check functions from old GNU malloc.
* new-malloc/malloc.h: Likewise.
* nis/ypclnt.c: Remove prototype for xdr_free.
* snrpc/rpc/xdr.h: Add prototype for xdr_free.
* manual/nss.texi: Correct description of default values and don't
meantion NSS as an add-on.
* nss/grp-lookup.c: Provide default value as
"compat [NOTFOUND=return] files".
* nss/pwd-lookup.c: Likewise.
* nss/spwd-lookup.c: Likewise.
* nss/network-lookup.c: Correct default to
"dns [!UNAVAIL=return] files".
* nss/nsswitch.c: Change default-default value to "nis
[NOTFOUND=return] files" since compat is only available for group,
passwd, and shadow.
* stdlib/on_exit.c (on_exit): Rename to __on_exit and make old name
a weak alias.
* stdlib/stdlib.h: Add prototype for __on_exit.
* sysdeps/unix/sysv/linux/schedbits.h: Add prototype for __clone.
* time/Makefile: Undo change from Sun Dec 8 06:56:49 1996.
The new malloc now has mcheck.
* time/ap.c: Likewise.
* time/tzset.c (__tzset): Rename to __tzset_internal.
(tzset): Rename to __tzset. Make tzset a weak alias for __tzset.
* time/localtime.c: Use __tzset_internal not __tzset.
* time/strftime.c [_LIBC]: Define tzname as __tzname and tzset
as __tzset to prevent namespace pollution.
* wctype/iswctype.h (icwctype): Rename to __iswctype. Make iswctype
a weak alias of __iswctype.
* wctype/wctype.h: Add prototype for __iswctype.
(iswalnum, iswalpha, iswcntrl, iswdigit, iswlower, iswgraph,
iswprint, iswpunct, iswspace, iswupper, iswxdigit, iswblank):
Use __iswctype for the test, not iswctype.
1996-12-16 Paul Eggert <eggert@twinsun.com>
* hurd/hurd/sigpreempt.h
(struct hurd_signal_preemptor.preemptor, _hurdsig_preemptors),
hurd/hurd/signal.h (struct hurd_sigstate.preemptors),
hurd/hurdfault.c, hurd/hurdfault.h (_hurdsig_fault_preemptor),
hurd/hurdsig.c (_hurdsig_preempters):
Renamed to fix spelling from `preempter' to `preemptor'.
All uses changed.
1996-12-15 Paul Eggert <eggert@twinsun.com>
* ctime.c (ctime): Return asctime (localtime (t)), as the C
standard requires.
Tue Dec 17 02:05:48 1996 Thomas Bushnell, n/BSG <thomas@gnu.ai.mit.edu>
* sysdeps/mach/libc-lock.h (__libc_lock_trylock): Invert return
value because Mach/cthreads uses the opposite convention from
Posix/glibc.
Mon Dec 16 22:41:01 1996 Ulrich Drepper <drepper@cygnus.com>
* stdio-common/fcloseall.c: Correct test of already_called.
Reported by Thomas Bushnell, n/BSG.
Mon Dec 16 14:52:07 1996 Thomas Bushnell, n/BSG <thomas@gnu.ai.mit.edu>
* mach/lock-intern.h (__mutex_try_lock): New function.
Sun Dec 15 16:33:44 1996 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* termios/sys/ttydefaults.h (TTYDEF_OFLAG): Only use OXTABS if
defined, else XTABS.
(CEOL, CSTATUS): Use _POSIX_VDISABLE if defined.
Sun Dec 15 11:56:19 1996 Andreas Schwab <schwab@issan.informatik.uni-dortmund.de>
* sysdeps/unix/sysv/linux/m68k/mremap.S: New file.
* sysdeps/unix/sysv/linux/m68k/Dist: Distribute it.
* sysdeps/unix/sysv/linux/m68k/Makefile (sysdep_routines): Add mremap.
1996-12-18 11:23:47 +08:00
|
|
|
|
|
|
|
|
2005-01-12 09:56:21 +08:00
|
|
|
__END_DECLS
|
1997-06-21 10:59:26 +08:00
|
|
|
#endif /* malloc.h */
|