77 lines
2.4 KiB
Diff
77 lines
2.4 KiB
Diff
From eee1fad18d3caebde0de36c58d3e77a10f98d287 Mon Sep 17 00:00:00 2001
|
|
From: William Brown <wbrown@suse.de>
|
|
Date: Wed, 11 May 2022 12:40:50 +1000
|
|
Subject: [PATCH] Change malloc to use calloc to prevent memory reuse
|
|
corruption
|
|
|
|
---
|
|
servers/slapd/sl_malloc.c | 18 ++++++++++++------
|
|
1 file changed, 12 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/servers/slapd/sl_malloc.c b/servers/slapd/sl_malloc.c
|
|
index 942f7402bd..01f3634574 100644
|
|
--- a/servers/slapd/sl_malloc.c
|
|
+++ b/servers/slapd/sl_malloc.c
|
|
@@ -292,8 +292,8 @@ slap_sl_mem_setctx(
|
|
SET_MEMCTX(thrctx, memctx, slap_sl_mem_destroy);
|
|
}
|
|
|
|
-void *
|
|
-slap_sl_malloc(
|
|
+static void *
|
|
+slap_sl_malloc_inner(
|
|
ber_len_t size,
|
|
void *ctx
|
|
)
|
|
@@ -394,6 +394,12 @@ slap_sl_malloc(
|
|
((0UL|(t)-1) >>31>>31 > 1 ? ((t)1 <<32) - 1 : \
|
|
(0UL|(t)-1) >>31 ? 65535U : (0UL|(t)-1) >>15 ? 255U : 15U)
|
|
|
|
+void *
|
|
+slap_sl_malloc( ber_len_t size, void *ctx )
|
|
+{
|
|
+ return slap_sl_calloc(1, size, ctx);
|
|
+}
|
|
+
|
|
void *
|
|
slap_sl_calloc( ber_len_t n, ber_len_t size, void *ctx )
|
|
{
|
|
@@ -402,7 +408,7 @@ slap_sl_calloc( ber_len_t n, ber_len_t size, void *ctx )
|
|
|
|
/* The sqrt test is a slight optimization: often avoids the division */
|
|
if ((n | size) <= LIM_SQRT(ber_len_t) || n == 0 || total/n == size) {
|
|
- newptr = slap_sl_malloc( total, ctx );
|
|
+ newptr = slap_sl_malloc_inner( total, ctx );
|
|
memset( newptr, 0, n*size );
|
|
} else {
|
|
Debug(LDAP_DEBUG_ANY, "slap_sl_calloc(%lu,%lu) out of range\n",
|
|
@@ -421,7 +427,7 @@ slap_sl_realloc(void *ptr, ber_len_t size, void *ctx)
|
|
void *newptr;
|
|
|
|
if (ptr == NULL)
|
|
- return slap_sl_malloc(size, ctx);
|
|
+ return slap_sl_malloc_inner(size, ctx);
|
|
|
|
/* Not our memory? */
|
|
if (No_sl_malloc || !sh || ptr < sh->sh_base || ptr >= sh->sh_end) {
|
|
@@ -468,7 +474,7 @@ slap_sl_realloc(void *ptr, ber_len_t size, void *ctx)
|
|
/* Nowhere to grow, need to alloc and copy */
|
|
} else {
|
|
/* Slight optimization of the final realloc variant */
|
|
- newptr = slap_sl_malloc(size-sizeof(ber_len_t), ctx);
|
|
+ newptr = slap_sl_malloc_inner(size-sizeof(ber_len_t), ctx);
|
|
AC_MEMCPY(newptr, ptr, oldsize-sizeof(ber_len_t));
|
|
/* Not last block, can just mark old region as free */
|
|
nextp[-1] = oldsize;
|
|
@@ -483,7 +489,7 @@ slap_sl_realloc(void *ptr, ber_len_t size, void *ctx)
|
|
oldsize = size;
|
|
}
|
|
|
|
- newptr = slap_sl_malloc(size, ctx);
|
|
+ newptr = slap_sl_malloc_inner(size, ctx);
|
|
AC_MEMCPY(newptr, ptr, oldsize);
|
|
slap_sl_free(ptr, ctx);
|
|
return newptr;
|
|
--
|
|
2.36.1
|
|
|