From patchwork Thu Aug 8 14:17:44 2024
X-Patchwork-Submitter: Adhemerval Zanella Netto
X-Patchwork-Id: 1970578
From: Adhemerval Zanella
To: libc-alpha@sourceware.org
Cc: Lénárd Szolnoki, Andreas Schwab, Florian Weimer
Subject: [PATCH v2] stdlib: Fix qsort memory leak if callback throws (BZ 32058)
Date: Thu, 8 Aug 2024 11:17:44 -0300
Message-ID: <20240808141814.2679575-1-adhemerval.zanella@linaro.org>

If the input buffer exceeds the stack auxiliary buffer, qsort will
malloc a temporary one to call mergesort. Since the C++ standard does
allow the callback comparison function to throw [1], the glibc
implementation can potentially leak memory.

The fix uses pthread_cleanup_combined_push and
pthread_cleanup_combined_pop, so it can work with and without
exceptions enabled. The qsort now requires some extra setup and a call
to __pthread_cleanup_push/__pthread_cleanup_pop (which should be ok
since they just set up some buffer state).

Checked on x86_64-linux-gnu.

[1] https://timsong-cpp.github.io/cppwp/n4950/alg.c.library#4
---
 stdlib/Makefile        | 32 ++++++++++++++++-
 stdlib/qsort.c         | 26 +++++++++++---
 stdlib/tst-qsort4.c    |  4 +++
 stdlib/tst-qsort7.c    | 81 ++++++++++++++++++++++++++++++++++++++++++
 stdlib/tst-qsortx7.c   |  1 +
 sysdeps/htl/pthreadP.h |  8 +++++
 6 files changed, 147 insertions(+), 5 deletions(-)
 create mode 100644 stdlib/tst-qsort7.c
 create mode 100644 stdlib/tst-qsortx7.c

diff --git a/stdlib/Makefile b/stdlib/Makefile index 347491de53..b68401bd54 100644 --- a/stdlib/Makefile +++ b/stdlib/Makefile @@ -290,6 +290,8 @@ tests := \ tst-qsort2 \ tst-qsort3 \ tst-qsort6 \ + tst-qsort7 \ + tst-qsortx7 \ tst-quick_exit \ tst-rand48 \ tst-rand48-2 \ @@ -539,7 +541,19 @@ tests-special += $(objpfx)isomac.out ifeq ($(run-built-tests),yes) tests-special += $(objpfx)tst-fmtmsg.out -endif +ifeq ($(build-shared),yes) +ifneq ($(PERL),no) +generated += \ + tst-qsort7.mtrace \ + tst-qsortx7.mtrace \ + # generated +tests-special += \ + $(objpfx)tst-qsort7-mem.out \ + $(objpfx)tst-qsortx7-mem.out \ + # tests-special +endif # $(build-shared) == yes +endif # $(PERL) == yes +endif # $(run-built-tests) == yes include ../Rules @@ -627,3 +641,19 @@ $(objpfx)tst-setcontext3.out: tst-setcontext3.sh $(objpfx)tst-setcontext3 $(objpfx)tst-qsort5: $(libm) $(objpfx)tst-concurrent-exit: $(shared-thread-library) $(objpfx)tst-concurrent-quick_exit: $(shared-thread-library) + +CFLAGS-tst-qsort7.c += -fno-exceptions -fno-asynchronous-unwind-tables +LDLIBS-tst-qsort7 = $(shared-thread-library) +tst-qsort7-ENV = MALLOC_TRACE=$(objpfx)tst-qsort7.mtrace \ + LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so +$(objpfx)tst-qsort7-mem.out: $(objpfx)tst-qsort7.out + $(common-objpfx)malloc/mtrace $(objpfx)tst-qsort7.mtrace > $@; \ + $(evaluate-test) + +CFLAGS-tst-qsortx7.c += -fexceptions +LDLIBS-tst-qsortx7 = $(shared-thread-library) +tst-qsortx7-ENV = MALLOC_TRACE=$(objpfx)tst-qsortx7.mtrace \ + LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so +$(objpfx)tst-qsortx7-mem.out: $(objpfx)tst-qsortx7.out + $(common-objpfx)malloc/mtrace $(objpfx)tst-qsortx7.mtrace > $@; \ + $(evaluate-test) diff --git a/stdlib/qsort.c b/stdlib/qsort.c index be47aebbe0..a0feda1236 100644 --- a/stdlib/qsort.c +++ b/stdlib/qsort.c 
@@ -25,6 +25,7 @@ #include #include #include +#include "pthreadP.h" /* Swap SIZE bytes between addresses A and B. These helpers are provided along the generic one as an optimization. */ @@ -338,6 +339,17 @@ indirect_msort_with_tmp (const struct msort_param *p, void *b, size_t n, } } +static void +__attribute_used__ +cancel_handler (void *ptr) +{ + void *mem = *(void **) ptr; + /* This check for NULL helps the compiler to that is does not generate + explicit calls for free (NULL). */ + if (mem != NULL) + free (mem); +} + void __qsort_r (void *const pbase, size_t total_elems, size_t size, __compar_d_fn_t cmp, void *arg) @@ -349,6 +361,9 @@ __qsort_r (void *const pbase, size_t total_elems, size_t size, _Alignas (uint64_t) char tmp[QSORT_STACK_SIZE]; size_t total_size = total_elems * size; char *buf; + void *bufmem = NULL; + + pthread_cleanup_combined_push (cancel_handler, &bufmem); if (size > INDIRECT_SORT_SIZE_THRES) total_size = 2 * total_elems * sizeof (void *) + size; @@ -358,14 +373,15 @@ __qsort_r (void *const pbase, size_t total_elems, size_t size, else { int save = errno; - buf = malloc (total_size); + bufmem = malloc (total_size); __set_errno (save); - if (buf == NULL) + if (bufmem == NULL) { /* Fallback to heapsort in case of memory failure. */ heapsort_r (pbase, total_elems - 1, size, cmp, arg); return; } + buf = bufmem; } if (size > INDIRECT_SORT_SIZE_THRES) @@ -393,8 +409,10 @@ __qsort_r (void *const pbase, size_t total_elems, size_t size, msort_with_tmp (&msort_param, pbase, total_elems); } - if (buf != tmp) - free (buf); + pthread_cleanup_combined_pop (0); + + if (bufmem != NULL) + free (bufmem); } libc_hidden_def (__qsort_r) weak_alias (__qsort_r, qsort_r) diff --git a/stdlib/tst-qsort4.c b/stdlib/tst-qsort4.c index 247917b454..b723fa4aab 100644 --- a/stdlib/tst-qsort4.c +++ b/stdlib/tst-qsort4.c 
@@ -16,6 +16,10 @@ License along with the GNU C Library; if not, see . */ +#undef pthread_cleanup_combined_push +#define pthread_cleanup_combined_push(routine, arg) +#undef pthread_cleanup_combined_pop +#define pthread_cleanup_combined_pop(execute) #include "qsort.c" #include diff --git a/stdlib/tst-qsort7.c b/stdlib/tst-qsort7.c new file mode 100644 index 0000000000..ba0c3d7387 --- /dev/null +++ b/stdlib/tst-qsort7.c 
@@ -0,0 +1,81 @@ +/* Test if qsort cleanup memory allocation if the comparison function + throws (BZ 32058) + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include + +static pthread_barrier_t b; + +static void +cl (void *arg) +{ +} + +static int +compar_func (const void *a1, const void *a2) +{ + xpthread_barrier_wait (&b); + + pthread_cleanup_push (cl, NULL); + + pause (); + + pthread_cleanup_pop (0); + + support_record_failure (); + + return 0; +} + +static void * +tf (void *tf) +{ + /* An array larger than QSORT_STACK_SIZE to force memory allocation. */ + int input[1024] = { 0 }; + qsort (input, array_length (input), sizeof input[0], compar_func); + + return NULL; +} + +static int +do_test (void) +{ + mtrace (); + + xpthread_barrier_init (&b, NULL, 2); + + pthread_t thr = xpthread_create (NULL, tf, NULL); + + xpthread_barrier_wait (&b); + + xpthread_cancel (thr); + + { + void *r = xpthread_join (thr); + TEST_VERIFY (r == PTHREAD_CANCELED); + } + + return 0; +} + +#include diff --git a/stdlib/tst-qsortx7.c b/stdlib/tst-qsortx7.c new file mode 100644 index 0000000000..ab6152320c --- /dev/null +++ b/stdlib/tst-qsortx7.c @@ -0,0 +1 @@ +#include "tst-qsort7.c" 
diff --git a/sysdeps/htl/pthreadP.h b/sysdeps/htl/pthreadP.h index cf8a2efe86..ef1fa8ca95 100644 --- a/sysdeps/htl/pthreadP.h +++ b/sysdeps/htl/pthreadP.h @@ -23,6 +23,7 @@ #include #include +#include /* Attribute to indicate thread creation was issued from C11 thrd_create. */ #define ATTR_C11_THREAD ((void*)(uintptr_t)-1) @@ -113,4 +114,11 @@ hidden_proto (__pthread_get_cleanup_stack) _Static_assert (sizeof (type) == size, \ "sizeof (" #type ") != " #size) +#ifndef pthread_cleanup_combined_push +# define pthread_cleanup_combined_push __pthread_cleanup_push +#endif +#ifndef pthread_cleanup_combined_pop +# define pthread_cleanup_combined_pop __pthread_cleanup_pop +#endif + #endif /* pthreadP.h */
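
Review bot: In stdlib/Makefile (hunk @@ -539,7 +541,19 @@), the comments on the new endif lines are attached to the wrong conditionals. The nesting opens with ifeq ($(build-shared),yes) and then ifneq ($(PERL),no), so the first endif closes the PERL test and the second closes build-shared, yet they are labelled "# $(build-shared) == yes" and "# $(PERL) == yes" in that order. Swap the two comments and write the PERL one as "# $(PERL) != no" so it matches the ifneq.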
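
Review bot: In stdlib/Makefile (hunk @@ -627,3 +641,19 @@), nothing documents what the two test variants are meant to cover: they differ only in CFLAGS-tst-qsort7.c (-fno-exceptions -fno-asynchronous-unwind-tables) versus CFLAGS-tst-qsortx7.c (-fexceptions). These flags apply to the test source and its compar_func, so a one-line comment above each block stating which cleanup path the variant exercises would make the intent reviewable. Separately, LD_PRELOAD is written as $(common-objpfx)/malloc/libc_malloc_debug.so with a slash after the variable, while the mtrace rule directly below uses $(common-objpfx)malloc/mtrace; pick one form.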
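
Review bot: In stdlib/qsort.c (hunk @@ -338,6 +339,17 @@), the comment inside cancel_handler is garbled ("helps the compiler to that is does not generate explicit calls for free (NULL)") and is hard to parse. Reword it, for example "The NULL check lets the compiler avoid emitting a call to free (NULL)". The __attribute_used__ on a static function also deserves a sentence: the only reason visible in this patch is that tst-qsort4.c defines pthread_cleanup_combined_push to nothing before including qsort.c, which leaves the handler unreferenced in that build. The name cancel_handler is narrower than its use as well, since per the commit message it is meant to run on exception unwinding and not only on cancellation.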
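
Review bot: In stdlib/qsort.c (hunk @@ -358,14 +373,15 @@), the heapsort fallback still exits through "return;" after pthread_cleanup_combined_push has run (added in the preceding hunk) and before pthread_cleanup_combined_pop is reached. POSIX leaves returning out of a pthread_cleanup_push/pthread_cleanup_pop block undefined, and the htl hunk in this patch maps the combined macros directly onto __pthread_cleanup_push and __pthread_cleanup_pop. Either move the push below the allocation so the fallback returns before any handler is registered, or restructure the fallback so it falls through to the pop instead of returning.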
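
Review bot: In stdlib/tst-qsort4.c (hunk @@ -16,6 +16,10 @@), the four preprocessor lines that blank out pthread_cleanup_combined_push and pthread_cleanup_combined_pop before #include "qsort.c" carry no comment explaining why this test has to build qsort.c without the cleanup frame. Add one. The override also depends on pthreadP.h not redefining the macros afterwards; the htl header in this patch guards its definitions with #ifndef, so state that dependency here so a later header change does not break the test silently.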
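
Review bot: In stdlib/tst-qsort7.c (hunk @@ -0,0 +1,81 @@), the header comment says the test covers a comparison function that throws, but do_test unwinds the thread with xpthread_cancel while compar_func is blocked in pause (); no exception is thrown anywhere in the file. Say in the header that cancellation is used as the unwinding trigger. The leak verdict comes from the mtrace rules in the Makefile rather than from an assertion in this file, which is worth one line next to the mtrace () call. Minor: in "tf (void *tf)" the parameter shadows the function name, and the first sentence of the header should read "Test if qsort cleans up its memory allocation".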
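
Review bot: In sysdeps/htl/pthreadP.h (hunk @@ -113,4 +114,11 @@), the new pthread_cleanup_combined_push and pthread_cleanup_combined_pop definitions are bare aliases for __pthread_cleanup_push and __pthread_cleanup_pop with no comment. Add a short comment saying why the plain push/pop pair is sufficient on htl and that the #ifndef guards exist so a file such as tst-qsort4.c can predefine the macros before including qsort.c.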