From: Rich Felker
To: WILLIAMS Stephen
Cc: musl@lists.openwall.com
Date: Tue, 3 May 2022 11:47:09 -0400
Message-ID: <20220503154709.GV7074@brightrain.aerifal.cx>
References: <20220503125902.GT7074@brightrain.aerifal.cx>
Subject: Re: [musl] BUG REPORT: Fault in src/malloc/oldmalloc/aligned_alloc.c leads to memory corruption

On Tue, May 03, 2022 at 03:14:34PM +0000, WILLIAMS Stephen wrote:
> Interesting. From the logging I'm seeing (admittedly with an old
> fork in use with seL4) 'mem' is not guaranteed to be a multiple of
> SIZE_ALIGN as you are suggesting above.
>
> The following was generated with logging inside of the __memalign
> routine to show the values of 'new' and 'mem':
>
> new = 0x5cd500
> mem = 0x5cd4f0
> memalign: align = 0x40, size = 0x1000. Returned address = 0x5cd500
>
> new = 0x5cd500
> mem = 0x5cd4f0
> memalign: align = 0x40, size = 0x1000. Returned address = 0x5cd500
>
> The 'mem' address returned by malloc is not a multiple of SIZE_ALIGN
> (32 on this system), thereby leading to new-mem being less than
> SIZE_ALIGN.

Interesting. I don't see where any changes were made to your fork of
malloc that would cause this, but it's definitely an intended invariant
that all chunks be aligned mod SIZE_ALIGN, and that was the case all
the way back to the original musl oldmalloc. Is it possible that
PAGE_SIZE is evaluating to nonsense (maybe libc.page_size
uninitialized), resulting in the initial brk not getting aligned? It's
an implicit assumption that page size is larger than SIZE_ALIGN.

Rich
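The following is an added illustration, not code from musl or from either poster. It models the pointer arithmetic __memalign performs (new = (mem + align-1) & -align) and the invariant Rich describes: because every chunk address is a multiple of SIZE_ALIGN, the split-off remainder new-mem is either zero or at least SIZE_ALIGN, which is what makes it a legal chunk to hand to the free path. The SIZE_ALIGN value of 32 and the addresses are the ones quoted in the report; the function and variable names are this example's own. The page-size check at the end encodes the suspicion in Rich's reply (an unaligned initial brk from a nonsense page size), which is an assumption about the cause, not a confirmed diagnosis.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdbool.h>

/* 32 on the reporter's system; musl defines it as 4*sizeof(size_t). */
#define SIZE_ALIGN 32u

/* Round mem up to the requested power-of-two alignment, the same
 * expression __memalign uses: new = (mem + align-1) & -align. */
static uintptr_t align_up(uintptr_t mem, size_t align)
{
    return (mem + align - 1) & -(uintptr_t)align;
}

/* Size of the chunk __memalign would split off in front of the aligned
 * block (new - mem); 0 means no split is needed. */
static size_t split_off_size(uintptr_t mem, size_t align)
{
    return (size_t)(align_up(mem, align) - mem);
}

/* The invariant from the thread: chunks are aligned mod SIZE_ALIGN, so
 * for align > SIZE_ALIGN the remainder is 0 or a multiple of SIZE_ALIGN.
 * A remainder strictly between 0 and SIZE_ALIGN is smaller than the
 * minimum chunk (header + footer) and freeing it corrupts the heap. */
static bool split_is_safe(uintptr_t mem, size_t align)
{
    if (align == 0 || (align & (align - 1)) != 0) /* not a power of two */
        return false;
    if (mem % SIZE_ALIGN != 0)                    /* malloc broke the invariant */
        return false;
    size_t rem = split_off_size(mem, align);
    return rem == 0 || rem >= SIZE_ALIGN;
}

/* Rich's suggested suspect (assumption, not a confirmed cause): if the
 * page size evaluates to nonsense, a "page-aligned" initial brk is not
 * SIZE_ALIGN-aligned. A sane page size is larger than SIZE_ALIGN and a
 * multiple of it. */
static bool page_size_sane(size_t page_size)
{
    return page_size > SIZE_ALIGN && page_size % SIZE_ALIGN == 0;
}

int main(void)
{
    /* Values from the report: mem = 0x5cd4f0, align = 0x40. */
    uintptr_t bad_mem = 0x5cd4f0;
    size_t align = 0x40;
    printf("mem=0x%lx new=0x%lx new-mem=0x%zx safe=%d\n",
           (unsigned long)bad_mem, (unsigned long)align_up(bad_mem, align),
           split_off_size(bad_mem, align), split_is_safe(bad_mem, align));

    /* A malloc result that honours the invariant (constructed value). */
    uintptr_t good_mem = 0x5cd4e0;
    printf("mem=0x%lx new=0x%lx new-mem=0x%zx safe=%d\n",
           (unsigned long)good_mem, (unsigned long)align_up(good_mem, align),
           split_off_size(good_mem, align), split_is_safe(good_mem, align));

    printf("page_size 4096 sane=%d, page_size 0 sane=%d\n",
           page_size_sane(4096), page_size_sane(0));
    return 0;
}
```

With the logged address the remainder comes out as 0x10, half the minimum chunk size, which is exactly the condition the report describes; an aligned mem of 0x5cd4e0 yields a remainder of 0x20 and a well-formed split.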