caleb-brown/redict
1
0
Fork 0
mirror of https://codeberg.org/redict/redict.git synced 2025-01-23 00:28:26 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix wrong zmalloc_size() assumption. (#7963)

Browse Source 
When using a system with no malloc_usable_size(), zmalloc_size() assumed
that the heap allocator always returns blocks that are long-padded.

This may not always be the case, and will result with zmalloc_size()
returning a size that is bigger than allocated. At least in one case
this leads to out of bound write, process crash and a potential security
vulnerability.

Effectively this does not affect the vast majority of users, who use
jemalloc or glibc.

This problem along with a (different) fix was reported by Drew DeVault.
This commit is contained in:
Yossi Gottlieb 2020-10-26 14:49:08 +02:00 committed by GitHub
parent 4e2e5be201
commit 9824fe3e39
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/zmalloc.c
View File

@ -236,9 +236,6 @@ void *zrealloc_usable(void *ptr, size_t size, size_t *usable) {
size_t zmalloc_size(void *ptr) { size_t zmalloc_size(void *ptr) {
void *realptr = (char*)ptr-PREFIX_SIZE; void *realptr = (char*)ptr-PREFIX_SIZE;
size_t size = *((size_t*)realptr); size_t size = *((size_t*)realptr);
/* Assume at least that all the allocations are padded at sizeof(long) by
* the underlying allocator. */
if (size&(sizeof(long)-1)) size += sizeof(long)-(size&(sizeof(long)-1));
return size+PREFIX_SIZE; return size+PREFIX_SIZE;
} }
size_t zmalloc_usable_size(void *ptr) { size_t zmalloc_usable_size(void *ptr) {