git.ipfire.org Git - thirdparty/glibc.git/commit

stdlib: Fix qsort memory leak if callback throws (BZ 32058)

If the input buffer exceeds the stack auxiliary buffer, qsort will
malloc a temporary one to call mergesort. Since C++ standard does
allow the callback comparison function to throw [1], the glibc
implementation can potentially leak memory.

The fixes uses a pthread_cleanup_combined_push and
pthread_cleanup_combined_pop, so it can work with and without
exception enables. The qsort code path that calls malloc now
requires some extra setup and a call to __pthread_cleanup_push
anmd __pthread_cleanup_pop (which should be ok since they just
setup some buffer state).

Checked on x86_64-linux-gnu.

[1] https://timsong-cpp.github.io/cppwp/n4950/alg.c.library#4

Reviewed-by: DJ Delorie <dj@redhat.com>

author	Adhemerval Zanella <adhemerval.zanella@linaro.org>
	Thu, 27 Mar 2025 15:30:48 +0000 (12:30 -0300)
committer	Adhemerval Zanella <adhemerval.zanella@linaro.org>
	Wed, 2 Apr 2025 18:01:55 +0000 (18:01 +0000)
commit	c8e73a1492b01b9b0c189d6a5c53a5a697827bae
tree	50a812e61c87a41d6001a5de105ecd0fe8a7e90b	tree
parent	e8514ac7aaf1bd0cf791dbdac0b2584ef3c42e98	commit \| diff

stdlib/Makefile		diff \| blob \| blame \| history
stdlib/qsort.c		diff \| blob \| blame \| history
stdlib/tst-qsort4.c		diff \| blob \| blame \| history
stdlib/tst-qsort7.c	[new file with mode: 0644]	blob
stdlib/tst-qsortx7.c	[new file with mode: 0644]	blob
sysdeps/htl/pthreadP.h		diff \| blob \| blame \| history
sysdeps/mach/hurd/Makefile		diff \| blob \| blame \| history
sysdeps/nptl/pthreadP.h		diff \| blob \| blame \| history