diff options
author | Otto Moerbeek <otto@cvs.openbsd.org> | 2008-08-22 21:25:11 +0000 |
---|---|---|
committer | Otto Moerbeek <otto@cvs.openbsd.org> | 2008-08-22 21:25:11 +0000 |
commit | cb762ea2dc495631a83f1e36bbd972bfdffb2df0 (patch) | |
tree | 1c372ad65ba748969a7a3210ffdfb77c3460897f /lib/libc/stdlib | |
parent | c2900cb2a491764b637f8445c80a19b2fd3f2e25 (diff) |
make sure we always map and unmap multiples of MALLOC_PAGESIZE;
case spotted by beck, one by me; ok deraadt@ beck@
Diffstat (limited to 'lib/libc/stdlib')
-rw-r--r-- | lib/libc/stdlib/malloc.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c index d03b8315146..4379e091574 100644 --- a/lib/libc/stdlib/malloc.c +++ b/lib/libc/stdlib/malloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: malloc.c,v 1.94 2008/08/22 17:14:57 otto Exp $ */ +/* $OpenBSD: malloc.c,v 1.95 2008/08/22 21:25:10 otto Exp $ */ /* * Copyright (c) 2008 Otto Moerbeek <otto@drijf.net> * @@ -382,11 +382,16 @@ wrtwarning(char *p) static void unmap(struct dir_info *d, void *p, size_t sz) { - size_t psz = PAGEROUND(sz) >> MALLOC_PAGESHIFT; + size_t psz = sz >> MALLOC_PAGESHIFT; size_t rsz, tounmap; struct region_info *r; u_int i, offset; + if (sz != PAGEROUND(sz)) { + wrterror("munmap round"); + return; + } + if (psz > malloc_cache) { if (munmap(p, sz)) wrterror("munmap"); @@ -445,11 +450,15 @@ unmap(struct dir_info *d, void *p, size_t sz) static void * map(struct dir_info *d, size_t sz, int zero_fill) { - size_t psz = PAGEROUND(sz) >> MALLOC_PAGESHIFT; + size_t psz = sz >> MALLOC_PAGESHIFT; struct region_info *r, *big = NULL; u_int i, offset; void *p; + if (sz != PAGEROUND(sz)) { + wrterror("map round"); + return NULL; + } if (psz > d->free_regions_size) { p = MMAP(sz); if (p != MAP_FAILED) @@ -1065,7 +1074,7 @@ omalloc(size_t sz, int zero_fill) return NULL; } if (insert(&g_pool, p, sz)) { - unmap(&g_pool, p, sz); + unmap(&g_pool, p, psz); errno = ENOMEM; return NULL; } @@ -1181,7 +1190,7 @@ ofree(void *p) } if (malloc_junk) memset(p, SOME_FREEJUNK, PAGEROUND(sz) - malloc_guard); - unmap(&g_pool, p, sz); + unmap(&g_pool, p, PAGEROUND(sz)); delete(&g_pool, r); } else { void *tmp; |