[PATCH] sheep: do NOT rely on returning zero memory area in calloc


Meng Lingkun

Aug 9, 2016, 9:23:06 PM8/9/16
to sheep...@googlegroups.com, Meng Lingkun
This bug has appeared more than once in glibc. We hit it again in
https://bugzilla.redhat.com/show_bug.cgi?id=1293976, and as a result
we really got into trouble. So it is better to zero the memory
explicitly using memset, and to call xzalloc instead of zalloc in the
only two remaining functions.

Signed-off-by: Meng Lingkun <mengl...@cmss.chinamobile.com>
---
include/util.h | 6 +++++-
lib/util.c | 6 +++++-
sheep/request.c | 4 ++--
3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/include/util.h b/include/util.h
index 914d767..f034e01 100644
--- a/include/util.h
+++ b/include/util.h
@@ -101,7 +101,11 @@ static inline int after(uint32_t seq1, uint32_t seq2)

static inline void *zalloc(size_t size)
{
- return calloc(1, size);
+ void *ret;
+ ret = malloc(size);
+ if (ret)
+ memset(ret, 0, size);
+ return ret;
}

/*
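Review bot: Nothing in the new zalloc() body says why malloc() plus memset() is used instead of calloc(), so a later cleanup could quietly restore `calloc(1, size)` and bring back the non-zeroed memory the commit message describes. A short comment above the function would pin the reason, for example `/* Do not replace with calloc(): a glibc calloc bug (rhbz#1293976) returned non-zeroed memory. */`. The same comment belongs on xzalloc() and on the memset added to xcalloc() in lib/util.c. If the commit message is right that the two call sites changed in sheep/request.c were the last users, zalloc() may now be unused and could be removed instead; that cannot be confirmed from this patch.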
diff --git a/lib/util.c b/lib/util.c
index 395a2c9..eca0c5f 100644
--- a/lib/util.c
+++ b/lib/util.c
@@ -60,7 +60,10 @@ void *xmalloc(size_t size)

void *xzalloc(size_t size)
{
- return xcalloc(1, size);
+ void *ret;
+ ret = xmalloc(size);
+ memset(ret, 0, size);
+ return ret;
}

void *xrealloc(void *ptr, size_t size)
@@ -92,6 +95,7 @@ void *xcalloc(size_t nmemb, size_t size)
if (!ret)
panic("Out of memory");
}
+ memset(ret, 0, nmemb * size);
return ret;
}
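Review bot: The length in the added `memset(ret, 0, nmemb * size)` is an unchecked multiplication, so it is only correct if the earlier calloc() calls already rejected an overflowing `nmemb * size`. Since this patch exists because calloc() is not trusted to zero its result, depending on it for the overflow check deserves at least a comment. A guard at the top of xcalloc(), such as `if (size && nmemb > SIZE_MAX / size) panic("Out of memory");`, would make the memset length safe on its own. The start of xcalloc() lies outside this hunk, so any zero-size fallback path there should be checked against the same length. The memset also writes every page of a large allocation that calloc() might otherwise leave untouched, which may matter for big buffers.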

diff --git a/sheep/request.c b/sheep/request.c
index ccfc1ea..c7a3efc 100644
--- a/sheep/request.c
+++ b/sheep/request.c
@@ -654,7 +654,7 @@ static struct request *alloc_request(struct client_info *ci,
{
struct request *req;

- req = zalloc(sizeof(struct request));
+ req = xzalloc(sizeof(struct request));
if (!req)
return NULL;
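Review bot: After the switch to xzalloc(), the `if (!req) return NULL;` check looks unreachable: xcalloc() in lib/util.c visibly ends in `panic("Out of memory")`, and the new xzalloc() calls memset on xmalloc()'s result with no NULL test, so xmalloc() presumably panics as well. That turns an allocation failure on the request path from a refused request into termination of the sheep daemon, which is an availability concern if clients can drive memory pressure. Either keep a non-panicking zeroing allocator here (zalloc() as rewritten in include/util.h already zeroes with memset), or drop the dead NULL checks and document that these paths abort on OOM. The same applies to `ci = xzalloc(sizeof(*ci))` and its NULL check in create_client(). Both function bodies continue outside their hunks.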

@@ -976,7 +976,7 @@ static struct client_info *create_client(int fd)
struct sockaddr_storage from;
socklen_t namesize = sizeof(from);

- ci = zalloc(sizeof(*ci));
+ ci = xzalloc(sizeof(*ci));
if (!ci)
return NULL;

--
1.7.1



Liu Yuan

Aug 15, 2016, 1:54:49 AM8/15/16
to Meng Lingkun, sheep...@googlegroups.com
On Wed, Aug 10, 2016 at 09:21:49AM +0800, Meng Lingkun wrote:
> This bug appeared more than once in glibc. We find it again in
> https://bugzilla.redhat.com/show_bug.cgi?id=1293976. As a result,
> we really get into trouble. So it's better to zero the memory
> using memset. And call xzalloc instead of zalloc in the only two
> remaining functions.
>

Applied, thanks.

Yuan