From da757e7eeefc7ba7a09abee455b064c3670453bc Mon Sep 17 00:00:00 2001
From: panzhe0328
Date: Thu, 23 Oct 2025 11:54:07 +0800
Subject: [PATCH] malloc: Add more integrity checks to mremap_chunk

---
 glibc.spec | 6 ++-
 ...ore-integrity-checks-to-mremap_chunk.patch | 44 +++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 malloc-Add-more-integrity-checks-to-mremap_chunk.patch

diff --git a/glibc.spec b/glibc.spec
index 99be242..ffeb760 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -62,7 +62,7 @@
 ##############################################################################
 Name: glibc
 Version: 2.28
-Release: 116
+Release: 117
 Summary: The GNU libc libraries
 License: %{all_license}
 URL: http://www.gnu.org/software/glibc/
@@ -184,6 +184,7 @@ Patch97: stdio-Fix-aliasing-violation.patch Patch98: use_uintptr_t_for_address_diagnostic.patch Patch99: fix-global_max_fast-based-on-MIN_CHUNK_SIZE.patch Patch100: malloc_remove_unwanted_leading_whitespace_in_malloc_info.patch +Patch101: malloc-Add-more-integrity-checks-to-mremap_chunk.patch Provides: ldconfig rtld(GNU_HASH) bundled(gnulib)
@@ -1303,6 +1304,9 @@ fi %endif %changelog +* Thu Oct 23 2025 panzhe - 2.28-117 +- malloc: Add more integrity checks to mremap_chunk + * Wed Oct 22 2025 panzhe - 2.28-116 - malloc: Remove unwanted leading whitespace in malloc_info
diff --git a/malloc-Add-more-integrity-checks-to-mremap_chunk.patch b/malloc-Add-more-integrity-checks-to-mremap_chunk.patch
new file mode 100644
index 0000000..52d8114
--- /dev/null
+++ b/malloc-Add-more-integrity-checks-to-mremap_chunk.patch
@@ -0,0 +1,44 @@
+From ebe544bf6e8eec35e754fd49efb027c6f161b6cb Mon Sep 17 00:00:00 2001
+From: Istvan Kurucsai
+Date: Thu, 20 Dec 2018 23:30:07 -0500
+Subject: [PATCH] malloc: Add more integrity checks to mremap_chunk.
+
+* malloc/malloc.c (mremap_chunk): Additional checks.
+
+---
+ malloc/malloc.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/malloc/malloc.c b/malloc/malloc.c
+index 07765c4c..bf3e8ea4 100644
+--- a/malloc/malloc.c
++++ b/malloc/malloc.c
+@@ -2863,16 +2863,22 @@ mremap_chunk (mchunkptr p, size_t new_size)
+ char *cp;
+ 
+ assert (chunk_is_mmapped (p));
+- assert (((size + offset) & (GLRO (dl_pagesize) - 1)) == 0);
++
++ uintptr_t block = (uintptr_t) p - offset;
++ uintptr_t mem = (uintptr_t) chunk2mem(p);
++ size_t total_size = offset + size;
++ if (__glibc_unlikely ((block | total_size) & (pagesize - 1)) != 0
++ || __glibc_unlikely (!powerof2 (mem & (pagesize - 1))))
++ malloc_printerr("mremap_chunk(): invalid pointer");
+ 
+ /* Note the extra SIZE_SZ overhead as in mmap_chunk(). */
+ new_size = ALIGN_UP (new_size + offset + SIZE_SZ, pagesize);
+ 
+ /* No need to remap if the number of pages does not change. */
+- if (size + offset == new_size)
++ if (total_size == new_size)
+ return p;
+ 
+- cp = (char *) __mremap ((char *) p - offset, size + offset, new_size,
++ cp = (char *) __mremap ((char *) block, total_size, new_size,
+ MREMAP_MAYMOVE);
+ 
+ if (cp == MAP_FAILED)
+-- 
+2.33.0
+
-- 
Gitee
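Review bot: In the added line `if (__glibc_unlikely ((block | total_size) & (pagesize - 1)) != 0`, the `__glibc_unlikely` hint wraps only the masked value and the `!= 0` sits outside it, while the second leg wraps its whole condition; since `__glibc_unlikely` returns its argument the check still behaves correctly, but the asymmetry reads like a misplaced parenthesis. Writing it as `if (__glibc_unlikely (((block | total_size) & (pagesize - 1)) != 0)` gives both legs the same shape and is what a reader expects from the second operand. `size_t total_size = offset + size;` is built from values that presumably come from the chunk's own header above the hunk, so a corrupted header could wrap the sum to a page-aligned value that the mask accepts; if this backport wants to go beyond upstream ebe544bf, a cheap `if (total_size < size) malloc_printerr ("mremap_chunk(): invalid size");` before the alignment test would close that gap. The new code also relies on `pagesize` being in scope in the 2.28 copy of mremap_chunk, which the unchanged `ALIGN_UP (new_size + offset + SIZE_SZ, pagesize)` context line confirms. mremap_chunk begins before this hunk and continues after the `if (cp == MAP_FAILED)` line.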