From: Siddhesh Poyarekar <siddhesh@redhat.com>
Date: Mon, 24 Aug 2015 09:03:07 +0000 (+0530)
Subject: Don't use the main arena in retry path if it is corrupt
X-Git-Tag: glibc-2.23~603
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c3b9ef8dfc83e9d17da5adc73709d2f7dfbbaf13;p=thirdparty%2Fglibc.git

Don't use the main arena in retry path if it is corrupt

If allocation on a non-main arena fails, the main arena is used
without checking to see if it is corrupt.  Add a check that avoids the
main arena if it is corrupt.

	* malloc/arena.c (arena_get_retry): Don't use main_arena if it is
	corrupt.
---

diff --git a/ChangeLog b/ChangeLog
index 1b5b03e666e..dae71cecec8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2015-08-24  Siddhesh Poyarekar  <siddhesh@redhat.com>
 
+	* malloc/arena.c (arena_get_retry): Don't use main_arena if it
+	is corrupt.
+
 	* malloc/arena.c (arena_get2): Drop unused argument.
 	(arena_lock): Adjust.
 	(arena_get_retry): Likewise.
diff --git a/malloc/arena.c b/malloc/arena.c
index cfec94d182d..b44e307ade8 100644
--- a/malloc/arena.c
+++ b/malloc/arena.c
@@ -909,6 +909,10 @@ arena_get_retry (mstate ar_ptr, size_t bytes)
   if (ar_ptr != &main_arena)
     {
       (void) mutex_unlock (&ar_ptr->mutex);
+      /* Don't touch the main arena if it is corrupt.  */
+      if (arena_is_corrupt (&main_arena))
+	return NULL;
+
       ar_ptr = &main_arena;
       (void) mutex_lock (&ar_ptr->mutex);
     }