OK,

Grrr... messed this up, sent the wrong version. Both the To: header
and the text contain errors, but the intent should be clear. The diff is
the right version. 

Take care when replying.

        -Otto

On Thu, Jun 05, 2014 at 02:22:01PM +0200, Otto Moerbeek wrote:

> Hi,
> 
> The new malloc has been committed, so now take the next step.
> 
> This changes _dl_malloc to a regular non-zeroing _dl_malloc and uses
> _dl_calloc and _dl_reallocarray.
> 
> This needs careful review. I left some malloc calls since they do not
> require zeroing according to my analysis, but this is easy to get wrong.
> This also holds for changes to _dl_reallocarray, since it does not zero,
> while the old _dl_malloc did. 
> 
> Some parts of this diff were extracted from a diff by deraadt@
> 
> Please review and test.
> 
>       -Otto
> 
> Index: Makefile
> ===================================================================
> RCS file: /cvs/src/libexec/ld.so/Makefile,v
> retrieving revision 1.49
> diff -u -p -r1.49 Makefile
> --- Makefile  5 Jun 2014 08:41:09 -0000       1.49
> +++ Makefile  5 Jun 2014 11:22:35 -0000
> @@ -15,7 +15,7 @@ VPATH=${.CURDIR}/../../lib/libc/string
>  SRCS=        ldasm.S boot.c loader.c resolve.c dlfcn.c dl_printf.c 
> rtld_machine.c
>  SRCS+=       path.c util.c sod.c strsep.c strtol.c dir.c library_subr.c 
> dl_prebind.c
>  SRCS+=       dl_realpath.c dl_uname.c dl_dirname.c strlcat.c strlen.c trace.c
> -SRCS+=       malloc.c
> +SRCS+=       malloc.c reallocarray.c
>  
>  .if (${MACHINE_ARCH} == "i386")
>  SRCS+=       library_mquery.c
> Index: dir.c
> ===================================================================
> RCS file: /cvs/src/libexec/ld.so/dir.c,v
> retrieving revision 1.17
> diff -u -p -r1.17 dir.c
> --- dir.c     13 Aug 2013 05:52:17 -0000      1.17
> +++ dir.c     5 Jun 2014 11:22:35 -0000
> @@ -68,7 +68,7 @@ _dl_opendir(const char *name)
>               return (NULL);
>       }
>       if (_dl_fcntl(fd, F_SETFD, FD_CLOEXEC) < 0 ||
> -         (dirp = _dl_malloc(sizeof(*dirp))) == NULL) {
> +         (dirp = _dl_calloc(1, sizeof(*dirp))) == NULL) {
>               _dl_close(fd);
>               return (NULL);
>       }
> Index: dl_prebind.c
> ===================================================================
> RCS file: /cvs/src/libexec/ld.so/dl_prebind.c,v
> retrieving revision 1.13
> diff -u -p -r1.13 dl_prebind.c
> --- dl_prebind.c      13 Nov 2013 05:41:41 -0000      1.13
> +++ dl_prebind.c      5 Jun 2014 11:22:35 -0000
> @@ -200,7 +200,8 @@ prebind_symcache(elf_object_t *object, i
>               if (i <= NUM_STATIC_OBJS) {
>                       objarray = &objarray_static[0];
>               } else {
> -                     objarray = _dl_malloc(sizeof(elf_object_t *) * i);
> +                     objarray = _dl_reallocarray(NULL,
> +                         sizeof(elf_object_t *), i);
>               }
>  
>               obj = _dl_objects;
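Review bot: The arguments are passed as `(NULL, sizeof(elf_object_t *), i)`, with the element size in the `nmemb` position and the count in `size`, which is the reverse of the prototype added in util.h and of the other call sites in this diff. The product and the overflow check come out the same, but `_dl_reallocarray(NULL, i, sizeof(elf_object_t *))` keeps the calls uniform. The array also loses the zero fill the old `_dl_malloc` gave it, and no NULL check is visible before `obj = _dl_objects;`. The code that fills `objarray` lies outside the hunk, so confirm that it stores every entry before any is read.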
> Index: library.c
> ===================================================================
> RCS file: /cvs/src/libexec/ld.so/library.c,v
> retrieving revision 1.67
> diff -u -p -r1.67 library.c
> --- library.c 20 Aug 2012 23:25:07 -0000      1.67
> +++ library.c 5 Jun 2014 11:22:35 -0000
> @@ -195,7 +195,7 @@ _dl_tryload_shlib(const char *libname, i
>                                   TRUNC_PG(phdp->p_offset));
>                       } else
>                               res = NULL;     /* silence gcc */
> -                     next_load = _dl_malloc(sizeof(struct load_list));
> +                     next_load = _dl_calloc(1, sizeof(struct load_list));
>                       next_load->next = load_list;
>                       load_list = next_load;
>                       next_load->start = start;
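Review bot: The result of `_dl_calloc(1, sizeof(struct load_list))` is dereferenced on the next line (`next_load->next = load_list;`) with no NULL check, so an allocation failure inside the loader becomes a write through a null pointer. The malloc.c hunk in this diff shows `_dl_malloc` returning NULL on its recursion path, and `_dl_calloc` presumably shares that behaviour. A guard such as `if (next_load == NULL) _dl_exit(5);`, the code loader.c already uses for a failed `liblist` allocation, would fail closed. The same unchecked pattern is on the new side of both library_mquery.c hunks (`ld`), the two `_dl_boot` hunks in loader.c (`next_load`, `debug_map`) and the `_dl_finalize_object` hunk in resolve.c (`object`). The enclosing function continues outside this hunk.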
> Index: library_mquery.c
> ===================================================================
> RCS file: /cvs/src/libexec/ld.so/library_mquery.c,v
> retrieving revision 1.44
> diff -u -p -r1.44 library_mquery.c
> --- library_mquery.c  20 Aug 2012 23:25:07 -0000      1.44
> +++ library_mquery.c  5 Jun 2014 11:22:35 -0000
> @@ -158,6 +158,7 @@ _dl_tryload_shlib(const char *libname, i
>                       size = off + phdp->p_filesz;
>  
>                       if (size != 0) {
> +                             /* XXX */
>                               ld = _dl_malloc(sizeof(struct load_list));
>                               ld->start = NULL;
>                               ld->size = size;
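Review bot: This `_dl_malloc(sizeof(struct load_list))` now returns uninitialized memory, and the only explanation for keeping it is a bare `/* XXX */`, while the second allocation of the same struct in the next hunk is switched to `_dl_calloc`. Only `ld->start` and `ld->size` are assigned within the hunk, so whether every remaining field is set before `ld` is used cannot be confirmed from here. Either use `ld = _dl_calloc(1, sizeof(struct load_list));` at both sites, or replace the marker with a comment that records the analysis, e.g. `/* no zeroing needed: all load_list fields are assigned below */`. The same applies to the `/* XXX */` above the `debug_map` allocation in loader.c.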
> @@ -171,7 +172,7 @@ _dl_tryload_shlib(const char *libname, i
>                           ROUND_PG(size) == ROUND_PG(off + phdp->p_memsz))
>                               break;
>                       /* This phdr has a zfod section */
> -                     ld = _dl_malloc(sizeof(struct load_list));
> +                     ld = _dl_calloc(1, sizeof(struct load_list));
>                       ld->start = NULL;
>                       ld->size = ROUND_PG(off + phdp->p_memsz) -
>                           ROUND_PG(size);
> Index: loader.c
> ===================================================================
> RCS file: /cvs/src/libexec/ld.so/loader.c,v
> retrieving revision 1.147
> diff -u -p -r1.147 loader.c
> --- loader.c  16 Feb 2014 01:16:38 -0000      1.147
> +++ loader.c  5 Jun 2014 11:22:35 -0000
> @@ -280,8 +280,10 @@ _dl_load_dep_libs(elf_object_t *object, 
>                       } *liblist;
>                       int *randomlist;
>  
> -                     liblist = _dl_malloc(libcount * sizeof(struct listent));
> -                     randomlist =  _dl_malloc(libcount * sizeof(int));
> +                     liblist = _dl_reallocarray(NULL, libcount,
> +                         sizeof(struct listent));
> +                     randomlist =  _dl_reallocarray(NULL, libcount,
> +                         sizeof(int));
>  
>                       if (liblist == NULL)
>                               _dl_exit(5);
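Review bot: Only `liblist` is checked after the two `_dl_reallocarray` calls; `randomlist` is allocated the same way but is not tested in the visible context, so a failed second allocation would be used as an array base. `if (liblist == NULL || randomlist == NULL)` covers both. Both arrays were zero-filled by the old `_dl_malloc` and no longer are, so the code below has to write every element before reading it. That part of `_dl_load_dep_libs` is outside the hunk and should be confirmed.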
> @@ -458,7 +460,7 @@ _dl_boot(const char **argv, char **envp,
>                       if (phdp->p_vaddr > maxva)
>                               maxva = phdp->p_vaddr + phdp->p_memsz;
>  
> -                     next_load = _dl_malloc(sizeof(struct load_list));
> +                     next_load = _dl_calloc(1, sizeof(struct load_list));
>                       next_load->next = load_list;
>                       load_list = next_load;
>                       next_load->start = (char *)TRUNC_PG(phdp->p_vaddr) + 
> exe_loff;
> @@ -560,6 +562,7 @@ _dl_boot(const char **argv, char **envp,
>                       DL_DEB(("failed to mark DTDEBUG\n"));
>       }
>       if (map_link) {
> +             /* XXX */
>               debug_map = (struct r_debug *)_dl_malloc(sizeof(*debug_map));
>               debug_map->r_version = 1;
>               debug_map->r_map = (struct link_map *)_dl_objects;
> Index: malloc.c
> ===================================================================
> RCS file: /cvs/src/libexec/ld.so/malloc.c,v
> retrieving revision 1.1
> diff -u -p -r1.1 malloc.c
> --- malloc.c  5 Jun 2014 08:39:07 -0000       1.1
> +++ malloc.c  5 Jun 2014 11:22:35 -0000
> @@ -887,7 +887,7 @@ _dl_malloc(size_t size)
>               malloc_recurse();
>               return NULL;
>       }
> -     r = omalloc(size, 1 /* XXX */);
> +     r = omalloc(size, 0);
>       malloc_active--;
>       return r;
>  }
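Review bot: `_dl_malloc` changes contract here without saying so at the definition: the second argument to `omalloc` goes from 1 to 0, which per the commit description turns off zero filling. A comment above the function such as `/* Returns uninitialized memory; use _dl_calloc() when zeroed memory is required. */` would keep later callers from assuming the old behaviour. The start of `_dl_malloc` is outside the hunk.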
> Index: path.c
> ===================================================================
> RCS file: /cvs/src/libexec/ld.so/path.c,v
> retrieving revision 1.1
> diff -u -p -r1.1 path.c
> --- path.c    20 Mar 2013 21:49:59 -0000      1.1
> +++ path.c    5 Jun 2014 11:22:36 -0000
> @@ -43,7 +43,7 @@ _dl_split_path(const char *searchpath)
>       /* one more for NULL entry */
>       count++;
>  
> -     retval = _dl_malloc(count * sizeof(retval));
> +     retval = _dl_reallocarray(NULL, count, sizeof(retval));
>  
>       if (retval == NULL)
>               return (NULL);
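Review bot: `sizeof(retval)` is the size of the pointer variable itself, not of one element of the array it points to. The two are normally the same size, so the allocation is not short in practice, but `retval = _dl_reallocarray(NULL, count, sizeof(*retval));` states the intended element size and stays correct if the type ever changes.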
> @@ -76,6 +76,7 @@ _dl_split_path(const char *searchpath)
>                       pp = NULL;
>       }
>  
> +     retval[pos] = NULL;
>       return (retval);
>  
>  badret:
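Review bot: The terminator `retval[pos] = NULL;` is written only on the success path; a jump to `badret:` skips it, and the slots past `pos` are no longer zero now that the array comes from `_dl_reallocarray`. The cleanup code after `badret:` is outside the hunk, so this needs confirming: if it walks `retval` until it meets NULL, it now depends on the failing slot itself holding NULL. Writing `retval[pos] = NULL;` as the first statement after `badret:` would make that explicit.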
> Index: reallocarray.c
> ===================================================================
> RCS file: reallocarray.c
> diff -N reallocarray.c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ reallocarray.c    5 Jun 2014 11:22:36 -0000
> @@ -0,0 +1,47 @@
> +/*   $OpenBSD: reallocarray.c,v 1.1 2014/05/08 21:43:49 deraadt Exp $        
> */
> +/*
> + * Copyright (c) 2008 Otto Moerbeek <o...@drijf.net>
> + *
> + * Permission to use, copy, modify, and distribute this software for any
> + * purpose with or without fee is hereby granted, provided that the above
> + * copyright notice and this permission notice appear in all copies.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
> + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
> + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
> + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
> + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
> + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> + */
> +
> +#include <sys/types.h>
> +#include <stdint.h>
> +#include <stdlib.h>
> +#include <unistd.h>
> +#include "archdep.h"
> +
> +/*
> + * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
> + * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
> + */
> +#define MUL_NO_OVERFLOW      (1UL << (sizeof(size_t) * 4))
> +
> +void *
> +_dl_reallocarray(void *optr, size_t nmemb, size_t size)
> +{
> +     static const char msg1[] = "realloc not available\n";
> +     static const char msg2[] = "reallocarray overflow\n";
> +
> +     if (optr != NULL) {
> +             _dl_write(STDERR_FILENO, msg1, sizeof(msg1) - 1);
> +             _dl_exit(7);
> +     }
> +             
> +     if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
> +         nmemb > 0 && SIZE_MAX / nmemb < size) {
> +             _dl_write(STDERR_FILENO, msg2, sizeof(msg2) - 1);
> +             _dl_exit(7);
> +     }
> +     return _dl_malloc(size * nmemb);
> +}
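Review bot: `_dl_reallocarray` has no header comment, and its contract differs from what the name suggests in three ways a caller needs to know: a non-NULL `optr` terminates the process, an overflowing `nmemb * size` terminates the process instead of returning NULL, and the memory comes from `_dl_malloc` and is therefore not zeroed after this diff. A short block comment above the definition stating those three points, and that NULL is still returned when `_dl_malloc` fails, would document it. The literal `7` in both `_dl_exit(7)` calls could also get a comment, since loader.c uses `_dl_exit(5)` for an allocation failure.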
> Index: resolve.c
> ===================================================================
> RCS file: /cvs/src/libexec/ld.so/resolve.c,v
> retrieving revision 1.65
> diff -u -p -r1.65 resolve.c
> --- resolve.c 27 Nov 2013 21:25:25 -0000      1.65
> +++ resolve.c 5 Jun 2014 11:22:36 -0000
> @@ -245,7 +245,7 @@ _dl_finalize_object(const char *objname,
>       _dl_printf("objname [%s], dynp %p, objtype %x lbase %lx, obase %lx\n",
>           objname, dynp, objtype, lbase, obase);
>  #endif
> -     object = _dl_malloc(sizeof(elf_object_t));
> +     object = _dl_calloc(1, sizeof(elf_object_t));
>       object->prev = object->next = NULL;
>  
>       object->load_dyn = dynp;
> @@ -329,6 +329,7 @@ _dl_finalize_object(const char *objname,
>       object->phdrc = phdrc;
>       object->load_base = lbase;
>       object->obj_base = obase;
> +     /* XXX */
>       object->load_name = _dl_strdup(objname);
>       object->load_object = _dl_loading_object;
>       if (object->load_object == object)
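Review bot: `object->load_name` is assigned straight from `_dl_strdup(objname)`, and with the util.c change in this diff `_dl_strdup` returns NULL on allocation failure rather than passing a null destination to `_dl_strlcpy`. The failure therefore moves to whoever reads `load_name` later, and the bare `/* XXX */` does not say whether that is handled. Either check the result here (`if (object->load_name == NULL) _dl_exit(7);`, the code reallocarray.c uses) or replace the marker with a comment stating that NULL is tolerated. The three `sodp->sod_name = (long)_dl_strdup(...)` sites marked `/* XXX */` in sod.c are in the same position.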
> Index: sod.c
> ===================================================================
> RCS file: /cvs/src/libexec/ld.so/sod.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 sod.c
> --- sod.c     3 Dec 2013 01:47:05 -0000       1.27
> +++ sod.c     5 Jun 2014 11:22:36 -0000
> @@ -64,6 +64,7 @@ _dl_build_sod(const char *name, struct s
>       char            *realname, *tok, *etok, *cp;
>  
>       /* default is an absolute or relative path */
> +     /* XXX */
>       sodp->sod_name = (long)_dl_strdup(name);    /* strtok is destructive */
>       sodp->sod_library = 0;
>       sodp->sod_major = sodp->sod_minor = 0;
> @@ -121,6 +122,7 @@ _dl_build_sod(const char *name, struct s
>       if (realname == NULL)
>               goto backout;
>       cp = (char *)sodp->sod_name;
> +     /* XXX */
>       sodp->sod_name = (long)_dl_strdup(realname);
>       _dl_free(cp);
>       sodp->sod_library = 1;
> @@ -130,6 +132,7 @@ _dl_build_sod(const char *name, struct s
>  
>  backout:
>       _dl_free((char *)sodp->sod_name);
> +     /* XXX */
>       sodp->sod_name = (long)_dl_strdup(name);
>  }
>  
> Index: util.c
> ===================================================================
> RCS file: /cvs/src/libexec/ld.so/util.c,v
> retrieving revision 1.30
> diff -u -p -r1.30 util.c
> --- util.c    5 Jun 2014 08:39:07 -0000       1.30
> +++ util.c    5 Jun 2014 11:22:36 -0000
> @@ -51,11 +51,12 @@ char *
>  _dl_strdup(const char *orig)
>  {
>       char *newstr;
> -     int len;
> +     size_t len;
>  
>       len = _dl_strlen(orig)+1;
>       newstr = _dl_malloc(len);
> -     _dl_strlcpy(newstr, orig, len);
> +     if (newstr != NULL)
> +             _dl_strlcpy(newstr, orig, len);
>       return (newstr);
>  }
>  
> Index: util.h
> ===================================================================
> RCS file: /cvs/src/libexec/ld.so/util.h,v
> retrieving revision 1.25
> diff -u -p -r1.25 util.h
> --- util.h    23 Jan 2014 01:07:45 -0000      1.25
> +++ util.h    5 Jun 2014 11:22:36 -0000
> @@ -34,7 +34,9 @@
>  #include <sys/utsname.h>
>  #include <stdarg.h>
>  
> -void *_dl_malloc(const size_t size);
> +void *_dl_malloc(size_t size);
> +void *_dl_calloc(size_t nmemb, const size_t size);
> +void *_dl_reallocarray(void *, size_t nmemb, size_t size);
>  void _dl_free(void *);
>  char *_dl_strdup(const char *);
>  size_t _dl_strlen(const char *);
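Review bot: The new `_dl_calloc` prototype keeps `const` on a by-value parameter (`const size_t size`) while the line above drops exactly that qualifier from `_dl_malloc`. The qualifier has no effect in a declaration; `void *_dl_calloc(size_t nmemb, size_t size);` is consistent with its neighbours. Naming the first parameter of `_dl_reallocarray` (`void *ptr`) would likewise match the definition in ldconfig/prebind_path.c.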
> Index: ldconfig/prebind_path.c
> ===================================================================
> RCS file: /cvs/src/libexec/ld.so/ldconfig/prebind_path.c,v
> retrieving revision 1.2
> diff -u -p -r1.2 prebind_path.c
> --- ldconfig/prebind_path.c   13 Nov 2013 05:41:43 -0000      1.2
> +++ ldconfig/prebind_path.c   5 Jun 2014 11:22:36 -0000
> @@ -21,6 +21,12 @@
>  #include <string.h>
>  #include "util.h"
>  
> +void *                                                                       
>   
> +_dl_reallocarray(void *ptr, size_t cnt, size_t num)                          
>   
> +{                                                                            
>   
> +     return reallocarray(ptr, cnt, num);                                     
> +} 
> +
>  void *
>  _dl_malloc(size_t need)
>  {
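Review bot: This host-side `_dl_reallocarray` does not behave like the ld.so one added in reallocarray.c: it forwards a non-NULL `ptr` to `reallocarray` and returns NULL on overflow, whereas the loader version exits in both cases. Code built in both environments therefore has to check the return value for NULL, and a one-line comment above the wrapper saying it is the ldconfig stand-in would help. Only `<string.h>` and "util.h" are visible among the includes; `reallocarray` is declared in `<stdlib.h>`, so confirm that header is included above the hunk. The added lines also carry trailing whitespace. The body of `_dl_malloc` continues outside the hunk.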
