Range-check mib[1] --> arena_ind casts.
This commit is contained in:
Jason Evans
parent
c0a05e6aba
commit
6edbedd916
@ -19,7 +19,7 @@ struct ctl_named_node_s {
|
|||||||
struct ctl_node_s node;
|
struct ctl_node_s node;
|
||||||
const char *name;
|
const char *name;
|
||||||
/* If (nchildren == 0), this is a terminal node. */
|
/* If (nchildren == 0), this is a terminal node. */
|
||||||
unsigned nchildren;
|
size_t nchildren;
|
||||||
const ctl_node_t *children;
|
const ctl_node_t *children;
|
||||||
int (*ctl)(tsd_t *, const size_t *, size_t, void *,
|
int (*ctl)(tsd_t *, const size_t *, size_t, void *,
|
||||||
size_t *, void *, size_t);
|
size_t *, void *, size_t);
|
||||||
|
|||||||
29
src/ctl.c
29
src/ctl.c
@ -899,7 +899,7 @@ ctl_bymib(tsd_t *tsd, const size_t *mib, size_t miblen, void *oldp,
|
|||||||
assert(node->nchildren > 0);
|
assert(node->nchildren > 0);
|
||||||
if (ctl_named_node(node->children) != NULL) {
|
if (ctl_named_node(node->children) != NULL) {
|
||||||
/* Children are named. */
|
/* Children are named. */
|
||||||
if (node->nchildren <= (unsigned)mib[i]) {
|
if (node->nchildren <= mib[i]) {
|
||||||
ret = ENOENT;
|
ret = ENOENT;
|
||||||
goto label_return;
|
goto label_return;
|
||||||
}
|
}
|
||||||
@ -1010,6 +1010,14 @@ ctl_postfork_child(tsdn_t *tsdn)
|
|||||||
} \
|
} \
|
||||||
} while (0)
|
} while (0)
|
||||||
|
|
||||||
|
#define MIB_UNSIGNED(v, i) do { \
|
||||||
|
if (mib[i] > UINT_MAX) { \
|
||||||
|
ret = EFAULT; \
|
||||||
|
goto label_return; \
|
||||||
|
} \
|
||||||
|
v = (unsigned)mib[i]; \
|
||||||
|
} while (0)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* There's a lot of code duplication in the following macros due to limitations
|
* There's a lot of code duplication in the following macros due to limitations
|
||||||
* in how nested cpp macros are expanded.
|
* in how nested cpp macros are expanded.
|
||||||
@ -1503,10 +1511,12 @@ arena_i_purge_ctl(tsd_t *tsd, const size_t *mib, size_t miblen, void *oldp,
|
|||||||
size_t *oldlenp, void *newp, size_t newlen)
|
size_t *oldlenp, void *newp, size_t newlen)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
unsigned arena_ind;
|
||||||
|
|
||||||
READONLY();
|
READONLY();
|
||||||
WRITEONLY();
|
WRITEONLY();
|
||||||
arena_i_purge(tsd_tsdn(tsd), (unsigned)mib[1], true);
|
MIB_UNSIGNED(arena_ind, 1);
|
||||||
|
arena_i_purge(tsd_tsdn(tsd), arena_ind, true);
|
||||||
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
label_return:
|
label_return:
|
||||||
@ -1518,10 +1528,12 @@ arena_i_decay_ctl(tsd_t *tsd, const size_t *mib, size_t miblen, void *oldp,
|
|||||||
size_t *oldlenp, void *newp, size_t newlen)
|
size_t *oldlenp, void *newp, size_t newlen)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
unsigned arena_ind;
|
||||||
|
|
||||||
READONLY();
|
READONLY();
|
||||||
WRITEONLY();
|
WRITEONLY();
|
||||||
arena_i_purge(tsd_tsdn(tsd), (unsigned)mib[1], false);
|
MIB_UNSIGNED(arena_ind, 1);
|
||||||
|
arena_i_purge(tsd_tsdn(tsd), arena_ind, false);
|
||||||
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
label_return:
|
label_return:
|
||||||
@ -1538,8 +1550,8 @@ arena_i_reset_ctl(tsd_t *tsd, const size_t *mib, size_t miblen, void *oldp,
|
|||||||
|
|
||||||
READONLY();
|
READONLY();
|
||||||
WRITEONLY();
|
WRITEONLY();
|
||||||
|
MIB_UNSIGNED(arena_ind, 1);
|
||||||
|
|
||||||
arena_ind = (unsigned)mib[1];
|
|
||||||
if (config_debug) {
|
if (config_debug) {
|
||||||
malloc_mutex_lock(tsd_tsdn(tsd), &ctl_mtx);
|
malloc_mutex_lock(tsd_tsdn(tsd), &ctl_mtx);
|
||||||
assert(arena_ind < ctl_stats->narenas);
|
assert(arena_ind < ctl_stats->narenas);
|
||||||
@ -1566,12 +1578,13 @@ arena_i_dss_ctl(tsd_t *tsd, const size_t *mib, size_t miblen, void *oldp,
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
const char *dss = NULL;
|
const char *dss = NULL;
|
||||||
unsigned arena_ind = (unsigned)mib[1];
|
unsigned arena_ind;
|
||||||
dss_prec_t dss_prec_old = dss_prec_limit;
|
dss_prec_t dss_prec_old = dss_prec_limit;
|
||||||
dss_prec_t dss_prec = dss_prec_limit;
|
dss_prec_t dss_prec = dss_prec_limit;
|
||||||
|
|
||||||
malloc_mutex_lock(tsd_tsdn(tsd), &ctl_mtx);
|
malloc_mutex_lock(tsd_tsdn(tsd), &ctl_mtx);
|
||||||
WRITE(dss, const char *);
|
WRITE(dss, const char *);
|
||||||
|
MIB_UNSIGNED(arena_ind, 1);
|
||||||
if (dss != NULL) {
|
if (dss != NULL) {
|
||||||
int i;
|
int i;
|
||||||
bool match = false;
|
bool match = false;
|
||||||
@ -1626,9 +1639,10 @@ arena_i_decay_time_ctl(tsd_t *tsd, const size_t *mib, size_t miblen, void *oldp,
|
|||||||
size_t *oldlenp, void *newp, size_t newlen)
|
size_t *oldlenp, void *newp, size_t newlen)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
unsigned arena_ind = (unsigned)mib[1];
|
unsigned arena_ind;
|
||||||
arena_t *arena;
|
arena_t *arena;
|
||||||
|
|
||||||
|
MIB_UNSIGNED(arena_ind, 1);
|
||||||
arena = arena_get(tsd_tsdn(tsd), arena_ind, false);
|
arena = arena_get(tsd_tsdn(tsd), arena_ind, false);
|
||||||
if (arena == NULL) {
|
if (arena == NULL) {
|
||||||
ret = EFAULT;
|
ret = EFAULT;
|
||||||
@ -1661,10 +1675,11 @@ arena_i_extent_hooks_ctl(tsd_t *tsd, const size_t *mib, size_t miblen,
|
|||||||
void *oldp, size_t *oldlenp, void *newp, size_t newlen)
|
void *oldp, size_t *oldlenp, void *newp, size_t newlen)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
unsigned arena_ind = (unsigned)mib[1];
|
unsigned arena_ind;
|
||||||
arena_t *arena;
|
arena_t *arena;
|
||||||
|
|
||||||
malloc_mutex_lock(tsd_tsdn(tsd), &ctl_mtx);
|
malloc_mutex_lock(tsd_tsdn(tsd), &ctl_mtx);
|
||||||
|
MIB_UNSIGNED(arena_ind, 1);
|
||||||
if (arena_ind < narenas_total_get() && (arena =
|
if (arena_ind < narenas_total_get() && (arena =
|
||||||
arena_get(tsd_tsdn(tsd), arena_ind, false)) != NULL) {
|
arena_get(tsd_tsdn(tsd), arena_ind, false)) != NULL) {
|
||||||
if (newp != NULL) {
|
if (newp != NULL) {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user