ISC_MEM_ZERO requires great care to use when the space returned by
the allocator is larger than the requested space, and when memory is
reallocated. You must ensure that _every_ call to allocate or
reallocate a particular block of memory uses ISC_MEM_ZERO, to ensure
that the extra space is zeroed as expected. (When ISC_MEMFLAG_FILL
is set, the extra space will definitely be non-zero.)
When BIND is built without jemalloc, ISC_MEM_ZERO is implemented in
`jemalloc_shim.h`. This had a bug on systems that have malloc_size()
or malloc_usable_size(): memory was only zeroed up to the requested
size, not the allocated size. When an oversized allocation was
returned, and subsequently reallocated larger, memory between the
original requested size and the original allocated size could
contain unexpected nonzero junk. The realloc call does not know the
original requested size and only zeroes from the original allocated
size onwards.
After this change, `jemalloc_shim.h` always zeroes up to the
allocated size, not the requested size.
+6084. [bug] When BIND was built without jemalloc, the allocator flag
+ ISC_MEM_ZERO could return non-zero memory. [GL #3845]
+
6083. [bug] Fix DNSRPS-enabled builds as they were inadvertently
broken by changes 5949 and 6042. [GL #3827]
INSIST(ptr != NULL);
if ((flags & MALLOCX_ZERO) != 0) {
- memset(ptr, 0, size);
+ memset(ptr, 0, sallocx(ptr, flags));
}
return (ptr);
static inline void *
rallocx(void *ptr, size_t size, int flags) {
void *new_ptr;
- size_t old_size;
+ size_t old_size, new_size;
REQUIRE(size != 0);
new_ptr = realloc(ptr, size);
INSIST(new_ptr != NULL);
- if ((flags & MALLOCX_ZERO) != 0 && size > old_size) {
- memset((uint8_t *)new_ptr + old_size, 0, size - old_size);
+ if ((flags & MALLOCX_ZERO) != 0) {
+ new_size = sallocx(new_ptr, flags);
+ if (new_size > old_size) {
+ memset((uint8_t *)new_ptr + old_size, 0,
+ new_size - old_size);
+ }
}
return (new_ptr);
projects / thirdparty / bind9.git / commitdiff
