author | Dmitry Vyukov <dvyukov@google.com> | 2015-01-30 14:36:12 +0300 |
---|---|---|
committer | Dmitry Vyukov <dvyukov@google.com> | 2015-01-30 12:01:31 +0000 |
commit | 3c3848ad92bac9edce2ec1e510c01f9bf2317ea3 (patch) | |
tree | 3f0294723e4dbc5074a9803e157a8eaf7bdf254e /src/runtime/mem_plan9.go | |
parent | 256116ad2564b10c18750633dce047fd92d57bc7 (diff) | |
runtime: fix system memory allocator on plan9
The following line in sysFree:
n += (n + memRound) &^ memRound
doubles value of n (n += n).
Which is wrong and can lead to memory corruption.
Fixes #9712
Change-Id: I3c141b71da11e38837c09408cf4f1d22e8f7f36e
Reviewed-on: https://go-review.googlesource.com/3602
Reviewed-by: David du Colombier <0intro@gmail.com>
Diffstat (limited to 'src/runtime/mem_plan9.go')
-rw-r--r-- | src/runtime/mem_plan9.go | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/src/runtime/mem_plan9.go b/src/runtime/mem_plan9.go
index a5d7c1a4cf..477a52700e 100644
--- a/src/runtime/mem_plan9.go
+++ b/src/runtime/mem_plan9.go
@@ -9,21 +9,24 @@ import "unsafe"
 var bloc uintptr
 var memlock mutex
-const memRound = _PAGESIZE - 1
+func memRound(p uintptr) uintptr {
+ return (p + _PAGESIZE - 1) &^ (_PAGESIZE - 1)
+}
 func initBloc() {
- bloc = uintptr(unsafe.Pointer(&end))
+ bloc = memRound(uintptr(unsafe.Pointer(&end)))
 }
 func sbrk(n uintptr) unsafe.Pointer {
 lock(&memlock)
 // Plan 9 sbrk from /sys/src/libc/9sys/sbrk.c
- bl := (bloc + memRound) &^ memRound
+ bl := bloc
+ n = memRound(n)
 if brk_(unsafe.Pointer(bl+n)) < 0 {
 unlock(&memlock)
 return nil
 }
- bloc = bl + n
+ bloc += n
 unlock(&memlock)
 return unsafe.Pointer(bl)
 }
@@ -42,7 +45,7 @@ func sysFree(v unsafe.Pointer, n uintptr, stat *uint64) {
 // from tiny/mem.c
 // Push pointer back if this is a free
 // of the most recent sysAlloc.
- n += (n + memRound) &^ memRound
+ n = memRound(n)
 if bloc == uintptr(v)+n {
 bloc -= n
 } |
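Review bot: memRound wraps around when p lies within a page of the largest uintptr, and sbrk uses the wrapped result unchecked. In sbrk, `n = memRound(n)` can turn a very large request into 0, and `bl+n` can wrap too, so brk_ may succeed and sbrk may return bl for a range that was never reserved. Whether such a size can reach sbrk depends on callers outside this hunk. I would reject it before rounding with `if n > ^uintptr(0)-bl-(_PAGESIZE-1) { unlock(&memlock); return nil }`. I would also document the helper with `// memRound rounds p up to a multiple of _PAGESIZE, which must be a power of two; it wraps if p is within a page of the maximum uintptr.`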
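Review bot: The test `bloc == uintptr(v)+n` in sysFree only matches if n is rounded exactly as sbrk rounded it, and nothing in the code says so, even though this is the line the commit had to correct. A comment above `n = memRound(n)` would keep the two in step, for example `// Round n exactly as sbrk did, so v+n equals the break recorded for that allocation.` After `bloc -= n` a later sbrk returns the same address again. Whether the old contents of that range are cleared before reuse is not visible in this hunk and is worth confirming. sysFree starts above the hunk and ends below it.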