Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/golang/patches/0045-release-branch.go1.5-runtime-handle-sysReserve-retur.patch
changeset 5331 9c955076ffe3 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/golang/patches/0045-release-branch.go1.5-runtime-handle-sysReserve-retur.patch	Thu Jan 21 09:20:59 2016 -0800
@@ -0,0 +1,50 @@
+From a10b27094cbddd7d470281590a50b5b38265e541 Mon Sep 17 00:00:00 2001
+From: Austin Clements <[email protected]>
+Date: Sun, 15 Nov 2015 23:13:16 -0500
+Subject: [PATCH 45/63] [release-branch.go1.5] runtime: handle sysReserve
+ returning a pointer below the arena
+
+In mheap.sysAlloc, if an allocation at arena_used would exceed
+arena_end (but wouldn't yet push us past arena_start+_MaxArean32), it
+trie to extend the arena reservation by another 256 MB. It extends the
+arena by calling sysReserve, which, on 32-bit, calls mmap without
+MAP_FIXED, which means the address is just a hint and the kernel can
+put the mapping wherever it wants. In particular, mmap may choose an
+address below arena_start (the kernel also chose arena_start, so there
+could be lots of space below it). Currently, we don't detect this case
+and, if it happens, mheap.sysAlloc will corrupt arena_end and
+arena_used then return the low pointer to mheap.grow, which will crash
+when it attempts to index in to h_spans with an underflowed index.
+
+Fix this by checking not only that that p+p_size isn't too high, but
+that p isn't too low.
+
+Fixes #13143.
+
+Change-Id: I8d0f42bd1484460282a83c6f1a6f8f0df7fb2048
+Reviewed-on: https://go-review.googlesource.com/16927
+Run-TryBot: Austin Clements <[email protected]>
+TryBot-Result: Gobot Gobot <[email protected]>
+Reviewed-by: Ian Lance Taylor <[email protected]>
+Reviewed-on: https://go-review.googlesource.com/16988
+Reviewed-by: Russ Cox <[email protected]>
+---
+ src/runtime/malloc.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/runtime/malloc.go b/src/runtime/malloc.go
+index a8a5d48..b966eed 100644
+--- a/src/runtime/malloc.go
++++ b/src/runtime/malloc.go
+@@ -401,7 +401,7 @@ func mHeap_SysAlloc(h *mheap, n uintptr) unsafe.Pointer {
+ 			if p == h.arena_end {
+ 				h.arena_end = new_end
+ 				h.arena_reserved = reserved
+-			} else if p+p_size <= h.arena_start+_MaxArena32 {
++			} else if h.arena_start <= p && p+p_size <= h.arena_start+_MaxArena32 {
+ 				// Keep everything page-aligned.
+ 				// Our pages are bigger than hardware pages.
+ 				h.arena_end = p + p_size
+-- 
+2.6.1
+
upstream/oracle/userland-gate