1. 30 11月, 2022 1 次提交
  2. 15 11月, 2022 1 次提交
  3. 01 11月, 2022 2 次提交
  4. 13 10月, 2022 1 次提交
  5. 11 10月, 2022 1 次提交
  6. 10 10月, 2022 1 次提交
  7. 29 9月, 2022 1 次提交
  8. 01 9月, 2022 1 次提交
    • F
      feat: 增加red zone/poison特性,提高musl内存分配器对溢出和UAF的防护能力 · 65228e15
      Far 提交于
      1. chunk overhead区增加两个字段usize和state,分别记录实际占用的payload的大小以及当前chunk的状态。
      其中chunk的状态包括是否分配给用户以及是否被下毒。下毒指的是在chunk除有效payload(即用户实际使用
      的内存)外的内存中填充进随机生成的数据。在malloc/free时检测这些区域即可实现对溢出以及UAF的校验。
      
      2. 为了提高性能,并不会对所有chunk下毒,而是每POISON_COUNT_DOWN_BASE次malloc/free时进行一次下毒。
      Signed-off-by: NFar <yesiyuan2@huawei.com>
      Change-Id: Idb341c202d8ec99f5370d4f589ee261ded8b163f
      65228e15
  9. 11 3月, 2021 1 次提交
  10. 09 9月, 2020 1 次提交
  11. 13 9月, 2018 1 次提交
    • R
      reduce spurious inclusion of libc.h · 5ce37379
      Rich Felker 提交于
      libc.h was intended to be a header for access to global libc state and
      related interfaces, but ended up included all over the place because
      it was the way to get the weak_alias macro. most of the inclusions
      removed here are places where weak_alias was needed. a few were
      recently introduced for hidden. some go all the way back to when
      libc.h defined CANCELPT_BEGIN and _END, and all (wrongly implemented)
      cancellation points had to include it.
      
      remaining spurious users are mostly callers of the LOCK/UNLOCK macros
      and files that use the LFS64 macro to define the awful *64 aliases.
      
      in a few places, new inclusion of libc.h is added because several
      internal headers no longer implicitly include libc.h.
      
      declarations for __lockfile and __unlockfile are moved from libc.h to
      stdio_impl.h so that the latter does not need libc.h. putting them in
      libc.h made no sense at all, since the macros in stdio_impl.h are
      needed to use them correctly anyway.
      5ce37379
  12. 20 4月, 2018 4 次提交
    • R
      reintroduce hardening against partially-replaced allocator · b4b1e103
      Rich Felker 提交于
      commit 618b18c7 removed the previous
      detection and hardening since it was incorrect. commit
      72141795 already handled all that
      remained for hardening the static-linked case. in the dynamic-linked
      case, have the dynamic linker check whether malloc was replaced and
      make that information available.
      
      with these changes, the properties documented in commit
      c9f415d7 are restored: if calloc is
      not provided, it will behave as malloc+memset, and any of the
      memalign-family functions not provided will fail with ENOMEM.
      b4b1e103
    • R
      return chunks split off by memalign using __bin_chunk instead of free · 72141795
      Rich Felker 提交于
      this change serves multiple purposes:
      
      1. it ensures that static linking of memalign-family functions will
      pull in the system malloc implementation, thereby causing link errors
      if an attempt is made to link the system memalign functions with a
      replacement malloc (incomplete allocator replacement).
      
      2. it eliminates calls to free that are unpaired with allocations,
      which are confusing when setting breakpoints or tracing execution.
      
      as a bonus, making __bin_chunk external may discourage aggressive and
      unnecessary inlining of it.
      72141795
    • R
      using malloc implementation types/macros/idioms for memalign · 3c2cbbe7
      Rich Felker 提交于
      the generated code should be mostly unchanged, except for explicit use
      of C_INUSE in place of copying the low bits from existing chunk
      headers/footers.
      
      these changes also remove mild UB due to dubious arithmetic on
      pointers into imaginary size_t[] arrays.
      3c2cbbe7
    • R
      revert detection of partially-replaced allocator · 618b18c7
      Rich Felker 提交于
      commit c9f415d7 included checks to
      make calloc fallback to memset if used with a replaced malloc that
      didn't also replace calloc, and the memalign family fail if free has
      been replaced. however, the checks gave false positives for
      replacement whenever malloc or free resolved to a PLT entry in the
      main program.
      
      for now, disable the checks so as not to leave libc in a broken state.
      this means that the properties documented in the above commit are no
      longer satisfied; failure to replace calloc and the memalign family
      along with malloc is unsafe if they are ever called.
      
      the calloc checks were correct but useless for static linking. in both
      cases (simple or full malloc), calloc and malloc are in a source file
      together, so replacement of one but not the other would give linking
      errors. the memalign-family check was useful for static linking, but
      broken for dynamic as described above, and can be replaced with a
      better link-time check.
      618b18c7
  13. 19 4月, 2018 1 次提交
    • R
      allow interposition/replacement of allocator (malloc) · c9f415d7
      Rich Felker 提交于
      replacement is subject to conditions on the replacement functions.
      they may only call functions which are async-signal-safe, as specified
      either by POSIX or as an implementation-defined extension. if any
      allocator functions are replaced, at least malloc, realloc, and free
      must be provided. if calloc is not provided, it will behave as
      malloc+memset. any of the memalign-family functions not provided will
      fail with ENOMEM.
      
      in order to implement the above properties, calloc and __memalign
      check that they are using their own malloc or free, respectively.
      choice to check malloc or free is based on considerations of
      supporting __simple_malloc. in order to make this work, calloc is
      split into separate versions for __simple_malloc and full malloc;
      commit ba819787 already did most of
      the split anyway, and completing it saves an extra call frame.
      
      previously, use of -Bsymbolic-functions made dynamic interposition
      impossible. now, we are using an explicit dynamic-list, so add
      allocator functions to the list. most are not referenced anyway, but
      all are added for completeness.
      c9f415d7
  14. 24 7月, 2013 2 次提交
    • R
      remove redundant check in memalign · 4a30ba5c
      Rich Felker 提交于
      the case where mem was already aligned is handled earlier in the
      function now.
      4a30ba5c
    • R
      fix heap corruption bug in memalign · 70a92bc9
      Rich Felker 提交于
      this bug was caught by the new footer-corruption check in realloc and
      free.
      
      if the block returned by malloc was already aligned to the desired
      alignment, memalign's logic to split off the misaligned head was
      incorrect; rather than writing to a point inside the allocated block,
      it was overwriting the footer of the previous block on the heap with
      the value 1 (length 0 plus an in-use flag).
      
      fortunately, the impact of this bug was fairly low. (this is probably
      why it was not caught sooner.) due to the way the heap works, malloc
      will never return a block whose previous block is free. (doing so would
      be harmful because it would increase fragmentation with no benefit.)
      the footer is actually not needed for in-use blocks, except that its
      in-use bit needs to remain set so that it does not get merged with
      free blocks, so there was no harm in it being set to 1 instead of the
      correct value.
      
      however, there is one case where this bug could have had an impact: in
      multi-threaded programs, if another thread freed the previous block
      after memalign's call to malloc returned, but before memalign
      overwrote the previous block's footer, the resulting block in the free
      list could be left in a corrupt state. I have not analyzed the impact
      of this bad state and whether it could lead to more serious
      malfunction.
      70a92bc9
  15. 05 7月, 2013 1 次提交
    • R
      move core memalign code from aligned_alloc to __memalign · 6d861ac8
      Rich Felker 提交于
      there are two motivations for this change. one is to avoid
      gratuitously depending on a C11 symbol for implementing a POSIX
      function. the other pertains to the documented semantics. C11 does not
      define any behavior for aligned_alloc when the length argument is not
      a multiple of the alignment argument. posix_memalign on the other hand
      places no requirements on the length argument. using __memalign as the
      implementation of both, rather than trying to implement one in terms
      of the other when their documented contracts differ, eliminates this
      confusion.
      6d861ac8
  16. 26 8月, 2012 1 次提交
    • R
      implement "low hanging fruit" from C11 · 9bff7c13
      Rich Felker 提交于
      based on Gregor's patch sent to the list. includes:
      - stdalign.h
      - removing gets in C11 mode
      - adding aligned_alloc and adjusting other functions to use it
      - adding 'x' flag to fopen for exclusive mode
      9bff7c13
  17. 12 2月, 2011 1 次提交