From: u-uy74@aetey.se
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: "non-float" malloc (was: incompatibility between libtheora/mmx and musl)
Date: Sun, 2 Oct 2016 13:17:38 +0200
Message-ID: <20161002111738.GN28325@example.net>
References: <20160913180649.GN16436@example.net> <20160913204304.GY15995@brightrain.aerifal.cx> <20160914103253.GO16436@example.net> <20160914112400.GS1280@port70.net> <20160914140450.GQ16436@example.net> <20160914142842.GZ15995@brightrain.aerifal.cx> <20160914144145.GT1280@port70.net> <20161002105950.GM28325@example.net>
In-Reply-To: <20161002105950.GM28325@example.net>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com

On Sun, Oct 02, 2016 at 12:59:50PM +0200, u-uy74@aetey.se wrote:
> Would you mind adding the brk()/stack overlap checking to this variant
> of the code?

Something like (shamelessly cut-n-pasted from expand_heap.c)

--- malloc.c.ori 2016-10-02 13:06:34.407671803 +0200 +++ malloc.c 2016-10-02 13:13:06.787149613 +0200 @@ -60,6 +60,27 @@ #define IS_MMAPPED(c) !((c)->csize & (C_INUSE)) +/* This function returns true if the interval [old,new] + * intersects the 'len'-sized interval below &libc.auxv + * (interpreted as the main-thread stack) or below &b + * (the current stack). It is used to defend against + * buggy brk implementations that can cross the stack. */ + +static int traverses_stack_p(uintptr_t old, uintptr_t new) +{ + const uintptr_t len = 8<<20; + uintptr_t a, b; + + b = (uintptr_t)libc.auxv; + a = b > len ? b-len : 0; + if (new>a && old len ? b-len : 0; + if (new>a && old
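Review bot: copying traverses_stack_p verbatim from expand_heap.c leaves two copies of the same guard in the tree that must be kept in sync; consider dropping the static from the one in expand_heap.c, declaring it in an internal header, and calling it from malloc.c instead. Also, `const uintptr_t len = 8<<20;` hard-codes an 8 MiB assumed extent both for the main-thread stack below &libc.auxv and for the current stack below &b, so a process whose stack limit is larger can still have brk cross into the stack undetected; the comment should say this is a heuristic bound, not the real stack size. The hunk as archived is cut off after the second `if (new>a && old`, so the return statements and the call site that wires the check into the brk path cannot be reviewed here.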