authorVsevolod Stakhov <vsevolod@rambler-co.ru>2011-03-15 01:20:03 +0300
committerVsevolod Stakhov <vsevolod@rambler-co.ru>2011-03-15 01:20:03 +0300
commit99d911bad474a7c6844713b35fbd805a8b1b8ace (patch)
treefc487b770229ba99cbba9032af3a5c11ce518cc1
parent63cb7c0f364df3331df235f38f1be901f04bebba (diff)
downloadrspamd-99d911bad474a7c6844713b35fbd805a8b1b8ace.tar.gz
rspamd-99d911bad474a7c6844713b35fbd805a8b1b8ace.zip
Fix memory corruption in memory pools library.
While in here use guint8 for all pointers.
-rw-r--r--src/mem_pool.c37
-rw-r--r--src/mem_pool.h16
2 files changed, 31 insertions, 22 deletions
diff --git a/src/mem_pool.c b/src/mem_pool.c
index ac870d42b..85b4a1233 100644
--- a/src/mem_pool.c
+++ b/src/mem_pool.c
@@ -53,6 +53,19 @@ pthread_mutex_t stat_mtx = PTHREAD_MUTEX_INITIALIZER;
/* Internal statistic */
static memory_pool_stat_t *mem_pool_stat = NULL;
+/**
+ * Function that return free space in pool page
+ * @param x pool page struct
+ */
+static gsize
+pool_chain_free (struct _pool_chain *chain)
+{
+ guint8 *p;
+
+ p = align_ptr (chain->pos, MEM_ALIGNMENT);
+ return chain->len - (p - chain->begin);
+}
+
static struct _pool_chain *
pool_chain_new (gsize size)
{
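Review bot: `pool_chain_free` can wrap around instead of returning zero, because `chain->len - (p - chain->begin)` is evaluated as an unsigned `gsize`: if rounding `chain->pos` up to `MEM_ALIGNMENT` moves `p` past `chain->begin + chain->len`, the result is a huge value and the `pool_chain_free (cur) < size` tests in the allocators treat a full page as having room. Whether `pos` can end up that close to the end of a page depends on how pages are sized and filled, which is not visible in this hunk, but clamping is cheap: `gsize used = p - chain->begin; return used < chain->len ? chain->len - used : 0;`. The doc comment also still says `@param x`; it should name `chain` and add an `@return` line stating that the value is the number of bytes left after alignment.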
@@ -96,7 +109,7 @@ pool_chain_new_shared (gsize size)
abort ();
}
chain = (struct _pool_chain_shared *)map;
- chain->begin = ((u_char *) chain) + sizeof (struct _pool_chain_shared);
+ chain->begin = ((guint8 *) chain) + sizeof (struct _pool_chain_shared);
#elif defined(HAVE_MMAP_ZERO)
gint fd;
@@ -110,7 +123,7 @@ pool_chain_new_shared (gsize size)
abort ();
}
chain = (struct _pool_chain_shared *)map;
- chain->begin = ((u_char *) chain) + sizeof (struct _pool_chain_shared);
+ chain->begin = ((guint8 *) chain) + sizeof (struct _pool_chain_shared);
#else
# error No mmap methods are defined
#endif
@@ -185,7 +198,7 @@ memory_pool_new (gsize size)
void *
memory_pool_alloc (memory_pool_t * pool, gsize size)
{
- u_char *tmp;
+ guint8 *tmp;
struct _pool_chain *new, *cur;
if (pool) {
@@ -195,10 +208,10 @@ memory_pool_alloc (memory_pool_t * pool, gsize size)
cur = pool->cur_pool;
#endif
/* Find free space in pool chain */
- while (memory_pool_free (cur) < size && cur->next) {
+ while (pool_chain_free (cur) < size && cur->next) {
cur = cur->next;
}
- if (cur->next == NULL && memory_pool_free (cur) < size) {
+ if (cur->next == NULL) {
/* Allocate new pool */
if (cur->len >= size) {
new = pool_chain_new (cur->len);
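Review bot: The new test `if (cur->next == NULL)` drops the free-space check, so whenever the scan stops on the last page the "Allocate new pool" branch is taken even if that page still has room for `size`. After the loop, `pool_chain_free (cur) < size` already implies `cur->next == NULL`, so `if (pool_chain_free (cur) < size) {` would limit the branch to the case where no page fits. As written, a pool whose current page is also its last one would appear to allocate a fresh page on every request, which is a memory-growth risk in a long-running daemon; the rest of `memory_pool_alloc` lies outside the hunk, so confirm this against how `cur_pool` is advanced. The same condition appears in `memory_pool_alloc_shared` in the hunk at `@@ -313,10 +326,10 @@`.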
@@ -300,7 +313,7 @@ memory_pool_strdup_shared (memory_pool_t * pool, const gchar *src)
void *
memory_pool_alloc_shared (memory_pool_t * pool, gsize size)
{
- u_char *tmp;
+ guint8 *tmp;
struct _pool_chain_shared *new, *cur;
if (pool) {
@@ -313,10 +326,10 @@ memory_pool_alloc_shared (memory_pool_t * pool, gsize size)
}
/* Find free space in pool chain */
- while (memory_pool_free (cur) < size && cur->next) {
+ while (pool_chain_free ((struct _pool_chain *)cur) < size && cur->next) {
cur = cur->next;
}
- if (cur->next == NULL && memory_pool_free (cur) < size) {
+ if (cur->next == NULL) {
/* Allocate new pool */
if (cur->len >= size) {
new = pool_chain_new_shared (cur->len);
@@ -350,7 +363,7 @@ memory_pool_find_pool (memory_pool_t * pool, void *pointer)
struct _pool_chain_shared *cur = pool->shared_pool;
while (cur) {
- if ((u_char *) pointer >= cur->begin && (u_char *) pointer <= (cur->begin + cur->len)) {
+ if ((guint8 *) pointer >= cur->begin && (guint8 *) pointer <= (cur->begin + cur->len)) {
return cur;
}
cur = cur->next;
@@ -382,7 +395,9 @@ __mutex_spin (memory_pool_mutex_t * mutex)
__asm __volatile ("pause");
#elif defined(HAVE_SCHED_YIELD)
(void)sched_yield ();
-#elif defined(HAVE_NANOSLEEP)
+#endif
+
+#if defined(HAVE_NANOSLEEP)
struct timespec ts;
ts.tv_sec = 0;
ts.tv_nsec = MUTEX_SLEEP_TIME;
@@ -441,7 +456,7 @@ void
memory_pool_add_destructor_full (memory_pool_t * pool, pool_destruct_func func, void *data,
const gchar *function, const gchar *line)
{
- struct _pool_destructors *cur, *tmp;
+ struct _pool_destructors *cur;
cur = memory_pool_alloc (pool, sizeof (struct _pool_destructors));
if (cur) {
diff --git a/src/mem_pool.h b/src/mem_pool.h
index d25a4dc2f..62f6dcb9a 100644
--- a/src/mem_pool.h
+++ b/src/mem_pool.h
@@ -39,8 +39,8 @@ typedef struct memory_pool_mutex_s {
* Pool page structure
*/
struct _pool_chain {
- u_char *begin; /**< begin of pool chain block */
- u_char *pos; /**< current start of free space in block */
+ guint8 *begin; /**< begin of pool chain block */
+ guint8 *pos; /**< current start of free space in block */
gsize len; /**< length of block */
struct _pool_chain *next; /**< chain link */
};
@@ -49,11 +49,11 @@ struct _pool_chain {
* Shared pool page
*/
struct _pool_chain_shared {
- u_char *begin;
- u_char *pos;
+ guint8 *begin;
+ guint8 *pos;
gsize len;
- memory_pool_mutex_t *lock;
struct _pool_chain_shared *next;
+ memory_pool_mutex_t *lock;
};
/**
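Review bot: Moving `lock` after `next` makes `struct _pool_chain_shared` begin with the same four fields as `struct _pool_chain`, which `mem_pool.c` now relies on when it passes `(struct _pool_chain *)cur` to `pool_chain_free`, but nothing in the header records that dependency. Add a comment above the struct such as `/* begin, pos, len and next must stay in the same order as in struct _pool_chain: mem_pool.c casts between the two */`, so a later field insertion does not silently make the free-space calculation read the wrong offsets. Accessing one struct type through a pointer to the other is also not covered by the strict-aliasing rules, so a common header struct embedded as the first member of both would be the more robust layout.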
@@ -268,10 +268,4 @@ void memory_pool_set_variable (memory_pool_t *pool, const gchar *name, gpointer
gpointer memory_pool_get_variable (memory_pool_t *pool, const gchar *name);
-/**
- * Macro that return free space in pool page
- * @param x pool page struct
- */
-#define memory_pool_free(x) ((x)->len - (align_ptr((x)->pos, MEM_ALIGNMENT) - (x)->begin))
-
#endif