diff options
| author | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2025-03-27 12:30:48 -0300 |
|---|---|---|
| committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2025-04-02 18:01:55 +0000 |
| commit | c8e73a1492b01b9b0c189d6a5c53a5a697827bae (patch) | |
| tree | 50a812e61c87a41d6001a5de105ecd0fe8a7e90b /stdlib/tst-qsort4.c | |
| parent | e8514ac7aaf1bd0cf791dbdac0b2584ef3c42e98 (diff) | |
| download | glibc-c8e73a1492b01b9b0c189d6a5c53a5a697827bae.tar.xz glibc-c8e73a1492b01b9b0c189d6a5c53a5a697827bae.zip | |
stdlib: Fix qsort memory leak if callback throws (BZ 32058)
If the input buffer exceeds the stack auxiliary buffer, qsort will
malloc a temporary one to call mergesort. Since C++ standard does
allow the callback comparison function to throw [1], the glibc
implementation can potentially leak memory.
The fixes uses a pthread_cleanup_combined_push and
pthread_cleanup_combined_pop, so it can work with and without
exception enables. The qsort code path that calls malloc now
requires some extra setup and a call to __pthread_cleanup_push
anmd __pthread_cleanup_pop (which should be ok since they just
setup some buffer state).
Checked on x86_64-linux-gnu.
[1] https://timsong-cpp.github.io/cppwp/n4950/alg.c.library#4
Reviewed-by: DJ Delorie <dj@redhat.com>
Diffstat (limited to 'stdlib/tst-qsort4.c')
| -rw-r--r-- | stdlib/tst-qsort4.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/stdlib/tst-qsort4.c b/stdlib/tst-qsort4.c index 2875d40eb7..a36e66a697 100644 --- a/stdlib/tst-qsort4.c +++ b/stdlib/tst-qsort4.c @@ -16,6 +16,10 @@ License along with the GNU C Library; if not, see <http://www.gnu.org/licenses/>. */ +#undef pthread_cleanup_combined_push +#define pthread_cleanup_combined_push(routine, arg) +#undef pthread_cleanup_combined_pop +#define pthread_cleanup_combined_pop(execute) #include "qsort.c" #include <stdio.h> |