RepoMirrors
/
musl
mirror of git://git.musl-libc.org/musl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

use new a_crash() asm to optimize double-free handler. 

gcc generates extremely bad code (7 byte immediate mov) for the old
null pointer write approach. it should be generating something like
"xor %eax,%eax ; mov %al,(%eax)". in any case, using a dedicated
crashing opcode accomplishes the same thing in one byte.
This commit is contained in:
Rich Felker 2011-08-23 09:43:45 -04:00
parent df0b5a4940
commit 1c8bead345
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/malloc/malloc.c
View File

@ -394,7 +394,7 @@ void *realloc(void *p, size_t n)
size_t oldlen = n0 + extra; size_t oldlen = n0 + extra;
size_t newlen = n + extra; size_t newlen = n + extra;
/* Crash on realloc of freed chunk */ /* Crash on realloc of freed chunk */
if (extra & 1) *(volatile char *)0=0; if (extra & 1) a_crash();
if (newlen < PAGE_SIZE && (new = malloc(n))) { if (newlen < PAGE_SIZE && (new = malloc(n))) {
memcpy(new, p, n-OVERHEAD); memcpy(new, p, n-OVERHEAD);
free(p); free(p);
@ -457,7 +457,7 @@ void free(void *p)
char *base = (char *)self - extra; char *base = (char *)self - extra;
size_t len = CHUNK_SIZE(self) + extra; size_t len = CHUNK_SIZE(self) + extra;
/* Crash on double free */ /* Crash on double free */
if (extra & 1) *(volatile char *)0=0; if (extra & 1) a_crash();
__munmap(base, len); __munmap(base, len);
return; return;
} }