lint: fix memory allocation (since 2021-08-28)

In mem1.c 1.50 and mem2.c 1.13 from 2021-08-28, I accidentally changed the initialization of mblklen from round_up to round_down, trying to avoid a division instruction. On NetBSD x86_64 this resulted in a few more malloc calls, but on Cygwin with its 64k pagesize, mblklen became 0. Later, the function xalloc in lint2 called xalloc(mblklen) and blindly assumed that the returned memory would be large enough. This in turn led to out-of-bounds memory access and crashes. Lint1 was not affected since it adjust mblklen during runtime if it gets too small.
2021-08-31 17:22:24 +00:00 · 2021-08-31 17:22:24 +00:00 · 5788d57ee7
parent 6ac4757e25
commit 5788d57ee7
4 changed files with 22 additions and 13 deletions
--- a/usr.bin/xlint/common/externs.h
+++ b/usr.bin/xlint/common/externs.h
@ -1,4 +1,4 @@
-/*	$NetBSD: externs.h,v 1.20 2021/08/22 15:06:49 rillig Exp $	*/
+/*	$NetBSD: externs.h,v 1.21 2021/08/31 17:22:24 rillig Exp $	*/

 /*
 * Copyright (c) 1994, 1995 Jochen Pohl
@ -45,6 +45,7 @@ extern	const	char *tspec_name(tspec_t);
 /*
 * mem.c
 */
+extern	size_t	mem_block_size(void);
 extern	void	*xmalloc(size_t);
 extern	void	*xcalloc(size_t, size_t);
 extern	void	*xrealloc(void *, size_t);
--- a/usr.bin/xlint/common/mem.c
+++ b/usr.bin/xlint/common/mem.c
@ -1,4 +1,4 @@
-/*	$NetBSD: mem.c,v 1.18 2021/08/28 13:29:26 rillig Exp $	*/
+/*	$NetBSD: mem.c,v 1.19 2021/08/31 17:22:24 rillig Exp $	*/

 /*
 * Copyright (c) 1994, 1995 Jochen Pohl
@ -37,15 +37,27 @@

 #include <sys/cdefs.h>
 #if defined(__RCSID) && !defined(lint)
-__RCSID("$NetBSD: mem.c,v 1.18 2021/08/28 13:29:26 rillig Exp $");
+__RCSID("$NetBSD: mem.c,v 1.19 2021/08/31 17:22:24 rillig Exp $");
 #endif

 #include <stdarg.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>

 #include "lint.h"

+#if defined(IS_LINT1) || defined(IS_LINT2)
+size_t
+mem_block_size(void)
+{
+	unsigned int pagesize;
+
+	pagesize = (unsigned int)getpagesize();
+	return (MBLKSIZ + pagesize - 1) / pagesize * pagesize;
+}
+#endif
+
 static void *
 not_null(void *ptr)
 {
--- a/usr.bin/xlint/lint1/mem1.c
+++ b/usr.bin/xlint/lint1/mem1.c
@ -1,4 +1,4 @@
-/*	$NetBSD: mem1.c,v 1.51 2021/08/28 13:29:26 rillig Exp $	*/
+/*	$NetBSD: mem1.c,v 1.52 2021/08/31 17:22:25 rillig Exp $	*/

 /*
 * Copyright (c) 1994, 1995 Jochen Pohl
@ -37,14 +37,12 @@

 #include <sys/cdefs.h>
 #if defined(__RCSID) && !defined(lint)
-__RCSID("$NetBSD: mem1.c,v 1.51 2021/08/28 13:29:26 rillig Exp $");
+__RCSID("$NetBSD: mem1.c,v 1.52 2021/08/31 17:22:25 rillig Exp $");
 #endif

-#include <sys/types.h>
 #include <sys/param.h>
 #include <stdlib.h>
 #include <string.h>
-#include <unistd.h>

 #include "lint1.h"

@ -286,7 +284,7 @@ void
 initmem(void)
 {

-	mblklen = MBLKSIZ - MBLKSIZ % (unsigned int)getpagesize();
+	mblklen = mem_block_size();
 	mblks = xcalloc(nmblks = ML_INC, sizeof(*mblks));
 }

--- a/usr.bin/xlint/lint2/mem2.c
+++ b/usr.bin/xlint/lint2/mem2.c
@ -1,4 +1,4 @@
-/*	$NetBSD: mem2.c,v 1.13 2021/08/28 12:59:25 rillig Exp $	*/
+/*	$NetBSD: mem2.c,v 1.14 2021/08/31 17:22:25 rillig Exp $	*/

 /*
 * Copyright (c) 1994, 1995 Jochen Pohl
@ -37,13 +37,11 @@

 #include <sys/cdefs.h>
 #if defined(__RCSID) && !defined(lint)
-__RCSID("$NetBSD: mem2.c,v 1.13 2021/08/28 12:59:25 rillig Exp $");
+__RCSID("$NetBSD: mem2.c,v 1.14 2021/08/31 17:22:25 rillig Exp $");
 #endif

 #include <sys/param.h>
-#include <sys/types.h>
 #include <string.h>
-#include <unistd.h>

 #include "lint2.h"

@ -60,7 +58,7 @@ void
 initmem(void)
 {

-	mblklen = MBLKSIZ - MBLKSIZ % (unsigned int)getpagesize();
+	mblklen = mem_block_size();
 	nxtfree = mblklen;
 }