Date: Tue, 28 Jul 2015 16:47:14 -0400
From: Rich Felker <>
Subject: Re: Multithreaded program VSZ increasing due to bad free()

On Sun, Jul 26, 2015 at 01:10:48PM -0400, Rich Felker wrote:
> But in the meantime I'm not sure what the best solution is. I think
> we need to find a way to prevent the "wrongly empty" bins from being
> visible. Perhaps alloc_fwd and alloc_rev could refrain from using
> unbin and unlock_bin and instead help the caller keep a mask of bins
> it has locked and which need to be masked off when the free is
> finished...

The attached patch should mitigate the issue in practice by performing
madvise with the bin lock held and the binmap bit already set, so that
malloc waits for the lock while madvise is running rather than trying
to map new memory. There is still a race window in which unnecessary
allocation will occur, but it should be much harder to hit. We can
work on better fixes later.


View attachment "free_madv.diff" of type "text/plain" (1300 bytes)
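The ordering the mail describes, as an added toy model that is not musl's code and not the attached patch: a single-chunk "bin" with a lock and a binmap bit, one free path that runs madvise(MADV_DONTNEED) unlocked and sets the bit afterwards (so the bin looks empty while madvise runs), and one that sets the bit and madvises with the lock held. A probe stands in for a concurrent malloc and reports what it would do mid-madvise. All names (toy_*, probe_malloc, run_scenario, the during_madvise hook) and the one-chunk layout are assumptions made for this example.

```c
/* Added toy model of the free()/malloc() ordering from the mail; not musl code.
 * Assumed names: toy_malloc, toy_free_*, probe_malloc, run_scenario. */
#define _GNU_SOURCE
#include <errno.h>
#include <pthread.h>
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>

#define CHUNK_SIZE (64 * 1024)

struct bin {
    pthread_mutex_t lock;
    atomic_int binmap;      /* 1: the bin advertises a free chunk to malloc */
    void *chunk;            /* the toy bin holds at most one chunk */
};

static struct bin g_bin = { PTHREAD_MUTEX_INITIALIZER, 0, NULL };
static int fresh_mappings; /* how often malloc fell back to mmap() */

/* What a malloc running concurrently, right now, would end up doing. */
enum malloc_outcome { WOULD_MAP_FRESH, WOULD_WAIT_FOR_LOCK, WOULD_REUSE };

/* Hook the free paths call just before madvise; it stands in for another
 * thread entering malloc while madvise is in progress. */
static void (*during_madvise)(void);

static void *map_fresh(void)
{
    void *p = mmap(NULL, CHUNK_SIZE, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

enum malloc_outcome probe_malloc(void)
{
    if (!atomic_load(&g_bin.binmap))
        return WOULD_MAP_FRESH;         /* bin looks empty: map new memory */
    if (pthread_mutex_trylock(&g_bin.lock) == EBUSY)
        return WOULD_WAIT_FOR_LOCK;     /* bit set, freer still holds the lock */
    pthread_mutex_unlock(&g_bin.lock);
    return WOULD_REUSE;
}

void *toy_malloc(void)
{
    if (atomic_load(&g_bin.binmap)) {
        pthread_mutex_lock(&g_bin.lock);   /* blocks while free madvises */
        void *p = g_bin.chunk;
        g_bin.chunk = NULL;
        atomic_store(&g_bin.binmap, 0);
        pthread_mutex_unlock(&g_bin.lock);
        if (p)
            return p;
    }
    fresh_mappings++;
    return map_fresh();
}

/* Contrast ordering: unlock first, madvise unlocked, set the bit last.
 * While madvise runs the bin is "wrongly empty" as far as malloc can tell. */
void toy_free_madvise_unlocked(void *p)
{
    pthread_mutex_lock(&g_bin.lock);
    g_bin.chunk = p;
    pthread_mutex_unlock(&g_bin.lock);
    if (during_madvise) during_madvise();
    madvise(p, CHUNK_SIZE, MADV_DONTNEED);
    atomic_store(&g_bin.binmap, 1);
}

/* Ordering from the mail: binmap bit set first, madvise with the lock held,
 * unlock afterwards.  A concurrent malloc sees the bit and waits for the lock. */
void toy_free_madvise_locked(void *p)
{
    pthread_mutex_lock(&g_bin.lock);
    g_bin.chunk = p;
    atomic_store(&g_bin.binmap, 1);
    if (during_madvise) during_madvise();
    madvise(p, CHUNK_SIZE, MADV_DONTNEED);
    pthread_mutex_unlock(&g_bin.lock);
}

static enum malloc_outcome observed;
static void record_probe(void) { observed = probe_malloc(); }

/* Allocate, free with the given path, and report what a malloc arriving
 * mid-madvise would have done. */
enum malloc_outcome run_scenario(void (*free_fn)(void *))
{
    void *p = toy_malloc();
    during_madvise = record_probe;
    free_fn(p);
    during_madvise = NULL;
    return observed;
}

int main(void)
{
    printf("madvise unlocked: %d (0 = map fresh)\n",
           run_scenario(toy_free_madvise_unlocked));
    printf("madvise under lock: %d (1 = wait for lock)\n",
           run_scenario(toy_free_madvise_locked));
    return 0;
}
```

The probe uses pthread_mutex_trylock only to make the interleaving deterministic from a single thread; a real second thread would block in pthread_mutex_lock at the same point. The model also shows why the mail calls this a mitigation rather than a fix: the bin is protected only once the bit is set and the lock taken, so any ordering that exposes the chunk before that still leaves a window.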
