From fda948a08b8b989509a71a51cffa378d9f6d0880 Mon Sep 17 00:00:00 2001
From: Piggy
Date: Wed, 30 Jul 2025 21:52:55 +0800
Subject: [PATCH] Fix null ptr error
---
...l-setting-max_background_thread-by-0.patch | 51 +++++++++++++++++++
...ULL-pointer-dereference-from-mallctl.patch | 26 ++++++++++
...L-pointer-dereference-in-VERIFY_READ.patch | 27 ++++++++++
jemalloc.spec | 10 +++-
4 files changed, 112 insertions(+), 2 deletions(-)
create mode 100644 0002-Fix-check-mallctl-setting-max_background_thread-by-0.patch
create mode 100644 0003-Fix-possible-NULL-pointer-dereference-from-mallctl.patch
create mode 100644 0004-Fix-possible-NULL-pointer-dereference-in-VERIFY_READ.patch
diff --git a/0002-Fix-check-mallctl-setting-max_background_thread-by-0.patch b/0002-Fix-check-mallctl-setting-max_background_thread-by-0.patch
new file mode 100644
index 0000000..2176a00
--- /dev/null
+++ b/0002-Fix-check-mallctl-setting-max_background_thread-by-0.patch
@@ -0,0 +1,51 @@
+From 2b095440fc313f5e9ee79be7fa6064ed28ff5c63 Mon Sep 17 00:00:00 2001
+From: Piggy
+Date: Wed, 30 Jul 2025 18:51:45 +0800
+Subject: [PATCH] Fix check mallctl setting max_background_thread by 0
+
+---
+ src/ctl.c | 3 ++-
+ test/unit/background_thread_enable.c | 6 ++++++
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/ctl.c b/src/ctl.c
+index 135271b..3bbcbcc 100644
+--- a/src/ctl.c
++++ b/src/ctl.c
+@@ -2079,7 +2079,8 @@ max_background_threads_ctl(tsd_t *tsd, const size_t *mib,
+ ret = 0;
+ goto label_return;
+ }
+- if (newval > opt_max_background_threads) {
++ if (newval > opt_max_background_threads ||
++ newval == 0) {
+ ret = EINVAL;
+ goto label_return;
+ }
+diff --git a/test/unit/background_thread_enable.c b/test/unit/background_thread_enable.c
+index 44034ac..c82d2e4 100644
+--- a/test/unit/background_thread_enable.c
++++ b/test/unit/background_thread_enable.c
+@@ -58,6 +58,10 @@ TEST_BEGIN(test_max_background_threads) {
+ expect_d_eq(mallctl("max_background_threads", NULL, NULL, &max_n_thds,
+ sz_m), 0, "Failed to set max background threads");
+
++ size_t size_zero = 0;
++ expect_d_ne(mallctl("max_background_threads", NULL, NULL, &size_zero,
++ sz_m), 0, "Should not allow zero background threads");
++
+ unsigned id;
+ size_t sz_u = sizeof(unsigned);
+
+@@ -83,6 +87,8 @@ TEST_BEGIN(test_max_background_threads) {
+ new_max_thds = 1;
+ expect_d_eq(mallctl("max_background_threads", NULL, NULL, &new_max_thds,
+ sz_m), 0, "Failed to set max background threads");
++ expect_d_ne(mallctl("max_background_threads", NULL, NULL, &size_zero,
++ sz_m), 0, "Should not allow zero background threads");
+ expect_zu_eq(n_background_threads, new_max_thds,
+ "Number of background threads should be 1.\n");
+ }
+--
+2.36.1.windows.1
+
diff --git a/0003-Fix-possible-NULL-pointer-dereference-from-mallctl.patch b/0003-Fix-possible-NULL-pointer-dereference-from-mallctl.patch
new file mode 100644
index 0000000..0605e64
--- /dev/null
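Review bot: The two new assertions in test/unit/background_thread_enable.c only require a nonzero return (`expect_d_ne(..., 0, ...)`), so any error code satisfies them, while the change in ctl.c specifically answers a zero request with EINVAL; pinning the code, `expect_d_eq(mallctl("max_background_threads", NULL, NULL, &size_zero, sz_m), EINVAL, "Should not allow zero background threads");`, matches the `expect_d_eq` style of the surrounding calls and would not be fooled by a regression that fails for an unrelated reason. The `newval == 0` rejection in max_background_threads_ctl carries no comment and neither the patch subject nor its (empty) description says what a zero limit breaks, so the next person rebasing this patch has to re-derive it; a one-line comment above the condition naming that failure, plus the same sentence in the patch description, would do. Note also that the early success path immediately above the new check (`ret = 0; goto label_return;`, whose condition is outside the hunk) runs first, so if it compares newval with the current limit a request for 0 could still succeed when the limit is already 0 — worth confirming that state is unreachable. max_background_threads_ctl starts and ends outside the hunk.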
+++ b/0003-Fix-possible-NULL-pointer-dereference-from-mallctl.patch
@@ -0,0 +1,26 @@
+From 6b313d31fc6067b0bdc474daf85909d6f957f254 Mon Sep 17 00:00:00 2001
+From: Piggy
+Date: Wed, 30 Jul 2025 19:12:20 +0800
+Subject: [PATCH] Fix possible NULL pointer dereference from mallctl
+
+---
+ src/prof_sys.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/prof_sys.c b/src/prof_sys.c
+index b5f1f5b..d978fdb 100644
+--- a/src/prof_sys.c
++++ b/src/prof_sys.c
+@@ -600,6 +600,9 @@ bool
+ prof_prefix_set(tsdn_t *tsdn, const char *prefix) {
+ cassert(config_prof);
+ ctl_mtx_assert_held(tsdn);
++ if (prefix == NULL) {
++ return true;
++ }
+ malloc_mutex_lock(tsdn, &prof_dump_filename_mtx);
+ if (prof_prefix == NULL) {
+ malloc_mutex_unlock(tsdn, &prof_dump_filename_mtx);
+--
+2.36.1.windows.1
+
diff --git a/0004-Fix-possible-NULL-pointer-dereference-in-VERIFY_READ.patch b/0004-Fix-possible-NULL-pointer-dereference-in-VERIFY_READ.patch
new file mode 100644
index 0000000..804db8c
--- /dev/null
+++ b/0004-Fix-possible-NULL-pointer-dereference-in-VERIFY_READ.patch
@@ -0,0 +1,27 @@
+From 168459a0fae41206b151368ffc208acb283d032e Mon Sep 17 00:00:00 2001
+From: Piggy
+Date: Wed, 30 Jul 2025 19:01:46 +0800
+Subject: [PATCH] Fix possible NULL pointer dereference in VERIFY_READ
+
+---
+ src/ctl.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/ctl.c b/src/ctl.c
+index 3bbcbcc..53cb7ba 100644
+--- a/src/ctl.c
++++ b/src/ctl.c
+@@ -1805,7 +1805,9 @@ ctl_mtx_assert_held(tsdn_t *tsdn) {
+ /* Verify that the space provided is enough. */
+ #define VERIFY_READ(t) do { \
+ if (oldp == NULL || oldlenp == NULL || *oldlenp != sizeof(t)) { \
+- *oldlenp = 0; \
++ if (oldlenp != NULL) { \
++ *oldlenp = 0; \
++ } \
+ ret = EINVAL; \
+ goto label_return; \
+ } \
+--
+2.36.1.windows.1
+
diff --git a/jemalloc.spec b/jemalloc.spec
index 0a5f4f0..4a2079e 100644
--- a/jemalloc.spec
+++ b/jemalloc.spec
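Review bot: The new guard at the top of prof_prefix_set is a bare `return true` with no comment, so a reader cannot tell it apart from the failure path on the `prof_prefix == NULL` branch visible just below (whose return lies outside the hunk), nor see why NULL is unsafe here — presumably the copy of `prefix` into prof_prefix further down, which the hunk does not show. A line such as `/* A NULL prefix has nothing to copy; report failure (true) before taking the lock. */` above the check would settle both. Since the check sits in the callee, the mallctl caller can only relay whatever error it maps a true return to; if the mallctl write path is the only caller, rejecting a NULL pointer there with EINVAL would give the user a more precise error than a generic failure. Unlike the 0002 patch this one ships no test; a unit test that writes a NULL `const char *` through the prefix mallctl would pin the new behavior. prof_prefix_set continues past the end of the hunk.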
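Review bot: The added `if (oldlenp != NULL)` inside VERIFY_READ re-tests a condition the enclosing `if` has already evaluated: by short-circuiting, reaching `*oldlenp != sizeof(t)` proves oldlenp is non-NULL, and only the `oldlenp == NULL` arm makes the store unsafe, so splitting that arm out of the combined test says this directly and keeps the multi-line macro flat instead of nesting braces inside it. The store `*oldlenp = 0` on the remaining failures is also the one place the caller's length is written on the error path and its purpose is not stated; a short comment there helps. Behavior is unchanged by the restructuring below (same three failing cases, same stores, same EINVAL). The `} while (0)` that closes the macro lies outside the hunk.
```c
/* Verify that the space provided is enough. */
#define VERIFY_READ(t) do {						\
	/* No length to report through: fail without touching it. */	\
	if (oldlenp == NULL) {						\
		ret = EINVAL;						\
		goto label_return;					\
	}								\
	/* Missing buffer or wrong size: report a zero length to the caller. */ \
	if (oldp == NULL || *oldlenp != sizeof(t)) {			\
		*oldlenp = 0;						\
		ret = EINVAL;						\
		goto label_return;					\
	}								\
```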
@@ -12,13 +12,16 @@ Name: jemalloc Version: 5.3.0 -Release: 2 +Release: 3 Summary: General-purpose scalable concurrent malloc implementation License: BSD-2-Clause URL: http://www.canonware.com/jemalloc/ Source0: https://github.com/jemalloc/%{name}/releases/download/%{version}/%{name}-%{version}.tar.bz2 Patch0001: 0001-Fix-clang-test-fail-in-align_alloc.c.patch +Patch0002: 0002-Fix-check-mallctl-setting-max_background_thread-by-0.patch +Patch0003: 0003-Fix-possible-NULL-pointer-dereference-from-mallctl.patch +Patch0004: 0004-Fix-possible-NULL-pointer-dereference-in-VERIFY_READ.patch BuildRequires: perl-generators gcc /usr/bin/xsltproc @@ -81,6 +84,9 @@ make check %{_mandir}/man3/jemalloc.3* %changelog +* Wed Jul 30 2025 Piggy - 5.3.0-3 +- Fix null ptr error + * Sat Sep 07 2024 yanying <201250106@smail.nju.edu.cn> - 5.3.0-2 - Fix clang test fail in align_alloc.c @@ -103,7 +109,7 @@ make check - Fix tcaches mutex pre-post fork handling * Tue Nov 16 2021 guominghong - 5.2.1-3 -- Fix Undefined Behavior in hash.h +- Fix Undefined Behavior in hash.h * Wed Nov 3 2021 guominghong - 5.2.1-2 - Fix large bin index accessed through cache bin descriptor -- Gitee