From 85cfbc035370d2a3715ea9de3e590ba83fae52d1 Mon Sep 17 00:00:00 2001
From: Zhiqiang Zhang <zhangzhiqiang.zhang@huawei.com>
Date: Wed, 18 Mar 2015 18:44:50 +0800
Subject: malloc: checked_request2size failure deadlocks

For some rarely cases(almost App bugs), calling malloc with
a very largre size, checked_request2size check will fail,set
ENOMEM, and return 0 to caller.

But this will let __malloc_lock futex locked and owned by the
caller. In multithread circumstance, other thread calling
malloc/calloc will NOT succeed and get locked.

Signed-off-by: Zhiqiang Zhang <zhangzhiqiang.zhang@huawei.com>
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
---
 libc/stdlib/malloc-standard/malloc.c   | 5 +++--
 libc/stdlib/malloc-standard/memalign.c | 2 +-
 libc/stdlib/malloc-standard/realloc.c  | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

(limited to 'libc/stdlib')

diff --git a/libc/stdlib/malloc-standard/malloc.c b/libc/stdlib/malloc-standard/malloc.c
index 2abb5bbdd..fd33b50c7 100644
--- a/libc/stdlib/malloc-standard/malloc.c
+++ b/libc/stdlib/malloc-standard/malloc.c
@@ -832,8 +832,6 @@ void* malloc(size_t bytes)
     }
 #endif
 
-    __MALLOC_LOCK;
-    av = get_malloc_state();
     /*
        Convert request size to internal form by adding (sizeof(size_t)) bytes
        overhead plus possibly more to obtain necessary alignment and/or
@@ -845,6 +843,9 @@ void* malloc(size_t bytes)
 
     checked_request2size(bytes, nb);
 
+    __MALLOC_LOCK;
+    av = get_malloc_state();
+
     /*
        Bypass search if no frees yet
        */
diff --git a/libc/stdlib/malloc-standard/memalign.c b/libc/stdlib/malloc-standard/memalign.c
index 6303c1dd9..e9ae5a7b9 100644
--- a/libc/stdlib/malloc-standard/memalign.c
+++ b/libc/stdlib/malloc-standard/memalign.c
@@ -52,8 +52,8 @@ void* memalign(size_t alignment, size_t bytes)
 	alignment = a;
     }
 
-    __MALLOC_LOCK;
     checked_request2size(bytes, nb);
+    __MALLOC_LOCK;
 
     /* Strategy: find a spot within that chunk that meets the alignment
      * request, and then possibly free the leading and trailing space.  */
diff --git a/libc/stdlib/malloc-standard/realloc.c b/libc/stdlib/malloc-standard/realloc.c
index e060b70ea..e49d11125 100644
--- a/libc/stdlib/malloc-standard/realloc.c
+++ b/libc/stdlib/malloc-standard/realloc.c
@@ -54,9 +54,9 @@ void* realloc(void* oldmem, size_t bytes)
 	return NULL;
     }
 
+    checked_request2size(bytes, nb);
     __MALLOC_LOCK;
     av = get_malloc_state();
-    checked_request2size(bytes, nb);
 
     oldp    = mem2chunk(oldmem);
     oldsize = chunksize(oldp);
-- 
cgit v1.2.3


From be61486447ab447ac24892845af92489fe0b7148 Mon Sep 17 00:00:00 2001
From: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Date: Wed, 18 Mar 2015 23:11:39 +0100
Subject: malloc-standard: Add locking to malloc_trim

Closes bugzilla #4586

Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
---
 libc/stdlib/malloc-standard/free.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'libc/stdlib')

diff --git a/libc/stdlib/malloc-standard/free.c b/libc/stdlib/malloc-standard/free.c
index 39e54d635..8b7a81fca 100644
--- a/libc/stdlib/malloc-standard/free.c
+++ b/libc/stdlib/malloc-standard/free.c
@@ -104,9 +104,13 @@ static int __malloc_trim(size_t pad, mstate av)
 */
 int malloc_trim(size_t pad)
 {
+  int r;
+  __MALLOC_LOCK;
   mstate av = get_malloc_state();
   __malloc_consolidate(av);
-  return __malloc_trim(pad, av);
+  r = __malloc_trim(pad, av);
+  __MALLOC_UNLOCK;
+  return r;
 }
 
 /*
-- 
cgit v1.2.3


From 9faa7e94b824e1dc5fd9ce1b6f16c1b3f13c601a Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Sat, 23 Jun 2012 13:26:30 -0700
Subject: atexit_old: Do not add it to shared libc

atexit should only be in either uclibc_nonshared.a
shared libc case or libc.a in static build case

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
---
 libc/stdlib/Makefile.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'libc/stdlib')

diff --git a/libc/stdlib/Makefile.in b/libc/stdlib/Makefile.in
index 880de78d8..071f91119 100644
--- a/libc/stdlib/Makefile.in
+++ b/libc/stdlib/Makefile.in
@@ -61,7 +61,6 @@ CSRC-$(if $(findstring yyy,$(UCLIBC_HAS_FLOATS)$(UCLIBC_HAS_WCHAR)$(UCLIBC_HAS_X
 
 # multi source _atexit.c
 CSRC-y += __cxa_atexit.c __cxa_finalize.c __exit_handler.c exit.c on_exit.c
-CSRC-$(COMPAT_ATEXIT) += old_atexit.c
 
 STDLIB_DIR := $(top_srcdir)libc/stdlib
 STDLIB_OUT := $(top_builddir)libc/stdlib
@@ -71,11 +70,12 @@ STDLIB_OBJ := $(patsubst %.c,$(STDLIB_OUT)/%.o,$(CSRC-y))
 
 libc-y += $(STDLIB_OBJ)
 libc-static-y += $(STDLIB_OUT)/atexit.o $(STDLIB_OUT)/system.o
+libc-static-$(COMPAT_ATEXIT) += $(STDLIB_OUT)/old_atexit.o
 libc-shared-y += $(STDLIB_OUT)/system.oS
 
 # this should always be the PIC version, because it could be used in shared libs
 libc-nonshared-y += $(STDLIB_OUT)/atexit.os
-
+libc-nonshared-$(COMPAT_ATEXIT) += $(STDLIB_OUT)/old_atexit.os
 libc-nomulti-y += $(STDLIB_OUT)/labs.o $(STDLIB_OUT)/atol.o $(STDLIB_OUT)/_stdlib_strto_l.o $(STDLIB_OUT)/_stdlib_strto_ll.o
 libc-nomulti-$(UCLIBC_HAS_XLOCALE) += $(STDLIB_OUT)/_stdlib_strto_l_l.o $(STDLIB_OUT)/_stdlib_strto_ll_l.o
 
-- 
cgit v1.2.3