malloc: Remove corrupt arena flag

This is no longer needed because we now abort immediately
once heap corruption is detected.

diff --git a/ChangeLog b/ChangeLog
index 9f1b3d8f997c0c860eba5fa1d2d280280fd89937..b0f01c2207697e32a552bdb9b897387ab7b10b56 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2017-08-30  Florian Weimer  <fweimer@redhat.com>
+
+       * malloc/malloc.c (ARENA_CORRUPTION_BIT, arena_is_corrupt)
+       (set_arena_corrupt): Remove definitions.
+       (mtrim): Do not check for corrupt arena.
+       * malloc/arena.c (arena_lock, reused_arena, arena_get_retry):
+       Likewise.
+
 2017-08-30  Florian Weimer  <fweimer@redhat.com>
 
        [BZ #21754]

diff --git a/malloc/arena.c b/malloc/arena.c
index 39cbfbc2827cc26ae6f7ac2487999cb7e43ffb61..afd423240a2fd9160fb651442e225425adcbe4a8 100644 (file)
--- a/malloc/arena.c
+++ b/malloc/arena.c
@@ -116,7 +116,7 @@ int __malloc_initialized = -1;
   } while (0)
 
 #define arena_lock(ptr, size) do {                                           \
-      if (ptr && !arena_is_corrupt (ptr))                                    \
+      if (ptr)                                                               \
         __libc_lock_lock (ptr->mutex);                                       \
       else                                                                   \
         ptr = arena_get2 ((size), NULL);                                     \
@@ -832,7 +832,7 @@ reused_arena (mstate avoid_arena)
   result = next_to_use;
   do
     {
-      if (!arena_is_corrupt (result) && !__libc_lock_trylock (result->mutex))
+      if (!__libc_lock_trylock (result->mutex))
         goto out;
 
       /* FIXME: This is a data race, see _int_new_arena.  */
@@ -845,18 +845,6 @@ reused_arena (mstate avoid_arena)
   if (result == avoid_arena)
     result = result->next;
 
-  /* Make sure that the arena we get is not corrupted.  */
-  mstate begin = result;
-  while (arena_is_corrupt (result) || result == avoid_arena)
-    {
-      result = result->next;
-      if (result == begin)
-       /* We looped around the arena list.  We could not find any
-          arena that was either not corrupted or not the one we
-          wanted to avoid.  */
-       return NULL;
-    }
-
   /* No arena available without contention.  Wait for the next in line.  */
   LIBC_PROBE (memory_arena_reuse_wait, 3, &result->mutex, result, avoid_arena);
   __libc_lock_lock (result->mutex);
@@ -953,10 +941,6 @@ arena_get_retry (mstate ar_ptr, size_t bytes)
   if (ar_ptr != &main_arena)
     {
       __libc_lock_unlock (ar_ptr->mutex);
-      /* Don't touch the main arena if it is corrupt.  */
-      if (arena_is_corrupt (&main_arena))
-       return NULL;
-
       ar_ptr = &main_arena;
       __libc_lock_lock (ar_ptr->mutex);
     }

diff --git a/malloc/malloc.c b/malloc/malloc.c
index 9b80690215e546c89db1e9b77d37515d0e87e92e..65bbf02cb7920027365e0a9604b0775477a63ce5 100644 (file)
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -1647,15 +1647,6 @@ typedef struct malloc_chunk *mfastbinptr;
 #define set_noncontiguous(M)   ((M)->flags |= NONCONTIGUOUS_BIT)
 #define set_contiguous(M)      ((M)->flags &= ~NONCONTIGUOUS_BIT)
 
-/* ARENA_CORRUPTION_BIT is set if a memory corruption was detected on the
-   arena.  Such an arena is no longer used to allocate chunks.  Chunks
-   allocated in that arena before detecting corruption are not freed.  */
-
-#define ARENA_CORRUPTION_BIT (4U)
-
-#define arena_is_corrupt(A)    (((A)->flags & ARENA_CORRUPTION_BIT))
-#define set_arena_corrupt(A)   ((A)->flags |= ARENA_CORRUPTION_BIT)
-
 /* Maximum size of memory handled in fastbins.  */
 static INTERNAL_SIZE_T global_max_fast;
 
@@ -4727,10 +4718,6 @@ _int_memalign (mstate av, size_t alignment, size_t bytes)
 static int
 mtrim (mstate av, size_t pad)
 {
-  /* Don't touch corrupt arenas.  */
-  if (arena_is_corrupt (av))
-    return 0;
-
   /* Ensure initialization/consolidation */
   malloc_consolidate (av);