From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/11650
Path: news.gmane.org!.POSTED!not-for-mail
From: Rich Felker <dalias@libc.org>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: [PATCH] fix undefined behavior in free
Date: Tue, 4 Jul 2017 17:11:41 -0400
Message-ID: <20170704211141.GP1627@brightrain.aerifal.cx>
References: <20170627175847.13827-1-amonakov@ispras.ru>
Reply-To: musl@lists.openwall.com
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: blaine.gmane.org 1499202715 26978 195.159.176.226 (4 Jul 2017 21:11:55 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Tue, 4 Jul 2017 21:11:55 +0000 (UTC)
User-Agent: Mutt/1.5.21 (2010-09-15)
To: musl@lists.openwall.com
Original-X-From: musl-return-11663-gllmg-musl=m.gmane.org@lists.openwall.com Tue Jul 04 23:11:51 2017
Return-path: <musl-return-11663-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by blaine.gmane.org with smtp (Exim 4.84_2)
	(envelope-from <musl-return-11663-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1dSV6s-0006lS-CP
	for gllmg-musl@m.gmane.org; Tue, 04 Jul 2017 23:11:50 +0200
Original-Received: (qmail 26231 invoked by uid 550); 4 Jul 2017 21:11:54 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Original-Received: (qmail 26210 invoked from network); 4 Jul 2017 21:11:53 -0000
Content-Disposition: inline
In-Reply-To: <20170627175847.13827-1-amonakov@ispras.ru>
Original-Sender: Rich Felker <dalias@aerifal.cx>
Xref: news.gmane.org gmane.linux.lib.musl.general:11650
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/11650>

On Tue, Jun 27, 2017 at 08:58:47PM +0300, Alexander Monakov wrote:
> ---
>  src/malloc/malloc.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c
> index 720fa696..ef4c7368 100644
> --- a/src/malloc/malloc.c
> +++ b/src/malloc/malloc.c
> @@ -463,14 +463,15 @@ copy_realloc:
>  
>  void free(void *p)
>  {
> -	struct chunk *self = MEM_TO_CHUNK(p);
> -	struct chunk *next;
> +	struct chunk *self, *next;
>  	size_t final_size, new_size, size;
>  	int reclaim=0;
>  	int i;
>  
>  	if (!p) return;
>  
> +	self = MEM_TO_CHUNK(p);
> +
>  	if (IS_MMAPPED(self)) {
>  		size_t extra = self->psize;
>  		char *base = (char *)self - extra;
> -- 
> 2.11.0

Thanks, applied

Rich