From 5788d57ee76559e12fed63f6afb64cfe0fa8477e Mon Sep 17 00:00:00 2001 From: rillig Date: Tue, 31 Aug 2021 17:22:24 +0000 Subject: [PATCH] lint: fix memory allocation (since 2021-08-28) In mem1.c 1.50 and mem2.c 1.13 from 2021-08-28, I accidentally changed the initialization of mblklen from round_up to round_down, trying to avoid a division instruction. On NetBSD x86_64 this resulted in a few more malloc calls, but on Cygwin with its 64k pagesize, mblklen became 0. Later, the function xalloc in lint2 called xalloc(mblklen) and blindly assumed that the returned memory would be large enough. This in turn led to out-of-bounds memory access and crashes. Lint1 was not affected since it adjust mblklen during runtime if it gets too small. --- usr.bin/xlint/common/externs.h | 3 ++- usr.bin/xlint/common/mem.c | 16 ++++++++++++++-- usr.bin/xlint/lint1/mem1.c | 8 +++----- usr.bin/xlint/lint2/mem2.c | 8 +++----- 4 files changed, 22 insertions(+), 13 deletions(-) diff --git a/usr.bin/xlint/common/externs.h b/usr.bin/xlint/common/externs.h index 94b1f8ebe73d..03a3ce1f42f6 100644 --- a/usr.bin/xlint/common/externs.h +++ b/usr.bin/xlint/common/externs.h @@ -1,4 +1,4 @@ -/* $NetBSD: externs.h,v 1.20 2021/08/22 15:06:49 rillig Exp $ */ +/* $NetBSD: externs.h,v 1.21 2021/08/31 17:22:24 rillig Exp $ */ /* * Copyright (c) 1994, 1995 Jochen Pohl @@ -45,6 +45,7 @@ extern const char *tspec_name(tspec_t); /* * mem.c */ +extern size_t mem_block_size(void); extern void *xmalloc(size_t); extern void *xcalloc(size_t, size_t); extern void *xrealloc(void *, size_t); diff --git a/usr.bin/xlint/common/mem.c b/usr.bin/xlint/common/mem.c index 36c29357c08d..d11202e07aa1 100644 --- a/usr.bin/xlint/common/mem.c +++ b/usr.bin/xlint/common/mem.c @@ -1,4 +1,4 @@ -/* $NetBSD: mem.c,v 1.18 2021/08/28 13:29:26 rillig Exp $ */ +/* $NetBSD: mem.c,v 1.19 2021/08/31 17:22:24 rillig Exp $ */ /* * Copyright (c) 1994, 1995 Jochen Pohl 
@@ -37,15 +37,27 @@ #include #if defined(__RCSID) && !defined(lint) -__RCSID("$NetBSD: mem.c,v 1.18 2021/08/28 13:29:26 rillig Exp $"); +__RCSID("$NetBSD: mem.c,v 1.19 2021/08/31 17:22:24 rillig Exp $"); #endif #include #include #include +#include #include "lint.h" +#if defined(IS_LINT1) || defined(IS_LINT2) +size_t +mem_block_size(void) +{ + unsigned int pagesize; + + pagesize = (unsigned int)getpagesize(); + return (MBLKSIZ + pagesize - 1) / pagesize * pagesize; +} +#endif + static void * not_null(void *ptr) { diff --git a/usr.bin/xlint/lint1/mem1.c b/usr.bin/xlint/lint1/mem1.c index 4ec0af66f024..e08f326bff68 100644 --- a/usr.bin/xlint/lint1/mem1.c +++ b/usr.bin/xlint/lint1/mem1.c @@ -1,4 +1,4 @@ -/* $NetBSD: mem1.c,v 1.51 2021/08/28 13:29:26 rillig Exp $ */ +/* $NetBSD: mem1.c,v 1.52 2021/08/31 17:22:25 rillig Exp $ */ /* * Copyright (c) 1994, 1995 Jochen Pohl @@ -37,14 +37,12 @@ #include #if defined(__RCSID) && !defined(lint) -__RCSID("$NetBSD: mem1.c,v 1.51 2021/08/28 13:29:26 rillig Exp $"); +__RCSID("$NetBSD: mem1.c,v 1.52 2021/08/31 17:22:25 rillig Exp $"); #endif -#include #include #include #include -#include #include "lint1.h" @@ -286,7 +284,7 @@ void initmem(void) { - mblklen = MBLKSIZ - MBLKSIZ % (unsigned int)getpagesize(); + mblklen = mem_block_size(); mblks = xcalloc(nmblks = ML_INC, sizeof(*mblks)); } diff --git a/usr.bin/xlint/lint2/mem2.c b/usr.bin/xlint/lint2/mem2.c index 849dcf4385a6..b698bd25dbc3 100644 --- a/usr.bin/xlint/lint2/mem2.c +++ b/usr.bin/xlint/lint2/mem2.c @@ -1,4 +1,4 @@ -/* $NetBSD: mem2.c,v 1.13 2021/08/28 12:59:25 rillig Exp $ */ +/* $NetBSD: mem2.c,v 1.14 2021/08/31 17:22:25 rillig Exp $ */ /* * Copyright (c) 1994, 1995 Jochen Pohl @@ -37,13 +37,11 @@ #include #if defined(__RCSID) && !defined(lint) -__RCSID("$NetBSD: mem2.c,v 1.13 2021/08/28 12:59:25 rillig Exp $"); +__RCSID("$NetBSD: mem2.c,v 1.14 2021/08/31 17:22:25 rillig Exp $"); #endif #include -#include #include -#include #include "lint2.h" 
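Review bot: mem_block_size() in common/mem.c divides by the value of getpagesize() without checking it, and it has no comment stating the guarantee that both initmem() callers now rely on. The commit description traces the earlier crashes to mblklen becoming 0, so the contract is worth pinning above the function, for example `/* Return MBLKSIZ rounded up to a multiple of the page size; never less than MBLKSIZ. */`. A guard such as `if (pagesize == 0) return MBLKSIZ;` before the return would keep an unexpected page size from turning into a division by zero. The arithmetic is also done in unsigned int before the conversion to size_t, which is safe only while MBLKSIZ plus the page size stays below UINT_MAX; MBLKSIZ is defined outside this hunk, so that is worth confirming.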
@@ -60,7 +58,7 @@ void initmem(void) { - mblklen = MBLKSIZ - MBLKSIZ % (unsigned int)getpagesize(); + mblklen = mem_block_size(); nxtfree = mblklen; }
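Review bot: initmem() in lint2/mem2.c stores the result of mem_block_size() in mblklen without verifying it, while the commit description says lint2's xalloc assumes a block of mblklen bytes is always large enough for the request. The rounding fix restores a sensible block size, but nothing visible here stops an oversized request, or a later regression in the size calculation, from leading to out-of-bounds access again. xalloc lies outside this hunk, so this is inferred from the description: a check there that compares the requested length with mblklen, and either allocates a larger block or exits with an internal error, would turn silent memory corruption into an explicit failure. A comment in initmem() such as `/* xalloc relies on mblklen being at least as large as any single request */` would document the dependency.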