From: Julian Seward Date: Tue, 14 Feb 2006 11:37:41 +0000 (+0000) Subject: Ensure memory acquired from sys_brk() really is zeroed. Fixes #121893. X-Git-Tag: svn/VALGRIND_3_2_0~267 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7190322b0aea09430de4d84f086c5cbd29b9b06d;p=thirdparty%2Fvalgrind.git Ensure memory acquired from sys_brk() really is zeroed. Fixes #121893. git-svn-id: svn://svn.valgrind.org/valgrind/trunk@5647 --- diff --git a/coregrind/m_syswrap/syswrap-generic.c b/coregrind/m_syswrap/syswrap-generic.c index c687eb4bd4..5fffa03454 100644 --- a/coregrind/m_syswrap/syswrap-generic.c +++ b/coregrind/m_syswrap/syswrap-generic.c @@ -947,6 +947,23 @@ static Addr do_brk ( Addr newbrk ) if (seg && seg->hasT) VG_(discard_translations)( newbrk, VG_(brk_limit) - newbrk, "do_brk(shrink)" ); + /* Since we're being lazy and not unmapping pages, we have to + zero out the area, so that if the area later comes back into + circulation, it will be filled with zeroes, as if it really + had been unmapped and later remapped. Be a bit paranoid and + try hard to ensure we're not going to segfault by doing the + write - check both ends of the range are in the same segment + and that segment is writable. */ + if (seg) { + /* pre: newbrk < VG_(brk_limit) + => newbrk <= VG_(brk_limit)-1 */ + NSegment* seg2; + vg_assert(newbrk < VG_(brk_limit)); + seg2 = VG_(am_find_nsegment)( VG_(brk_limit)-1 ); + if (seg2 && seg == seg2 && seg->hasW) + VG_(memset)( (void*)newbrk, 0, VG_(brk_limit) - newbrk ); + } + VG_(brk_limit) = newbrk; return newbrk; } diff --git a/docs/internals/3_1_BUGSTATUS.txt b/docs/internals/3_1_BUGSTATUS.txt index d5dd6ad2de..dca1bac84a 100644 --- a/docs/internals/3_1_BUGSTATUS.txt +++ b/docs/internals/3_1_BUGSTATUS.txt 
@@ -53,7 +53,7 @@ v5593 pending 120658 Pass -Wdeclaration-after-statement to VEX build 120277 unimplemented PPC floating point instructions: fres, fctid, fctidz, frsqrte - +v5647 pending 121893 calloc does not always zero memory don't forget:
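Review bot: In the do_brk shrink hunk, the zeroing is silently skipped whenever the guard `if (seg2 && seg == seg2 && seg->hasW)` fails, which is exactly the case (range spanning more than one segment, or a segment without hasW, e.g. after the client mprotect()s part of its heap) in which stale data would later be handed back by a growing brk, so the bug this commit fixes could still reproduce there. Consider either walking the range segment by segment and zeroing each writable piece, or at least reporting the skipped case under a debug flag, so that the lazy no-unmap strategy does not quietly leak old contents; the pre-condition comment `/* pre: newbrk < VG_(brk_limit) */` and the matching vg_assert are good and should stay.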
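Review bot: In the 3_1_BUGSTATUS.txt hunk, the `-` line removes the blank separator and the new entry `+v5647 pending 121893 calloc does not always zero memory` is then followed directly by the `don't forget:` context line, so the bug list now runs into the next section without a break; keep a blank line after the new entry to preserve the file's existing layout, and consider mentioning sys_brk in the one-line summary so the entry matches the commit subject.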