From 5c612ff8114a0cad0f07f53177b5e3209b5217d1 Mon Sep 17 00:00:00 2001
From: Piggy
Date: Sun, 3 Aug 2025 22:51:55 +0800
Subject: [PATCH] Fix bitmap_ffu out of range read
---
 0006-Fix-bitmap_ffu-out-of-range-read.patch | 36 +++++++++++++++++++++
 jemalloc.spec | 6 +++-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 0006-Fix-bitmap_ffu-out-of-range-read.patch
diff --git a/0006-Fix-bitmap_ffu-out-of-range-read.patch b/0006-Fix-bitmap_ffu-out-of-range-read.patch
new file mode 100644
index 0000000..9430374
--- /dev/null
+++ b/0006-Fix-bitmap_ffu-out-of-range-read.patch
@@ -0,0 +1,36 @@
+From 222adb3361a4e8b1dcab6bb7261790d80136a2c5 Mon Sep 17 00:00:00 2001
+From: Piggy
+Date: Wed, 30 Jul 2025 18:57:29 +0800
+Subject: [PATCH] Fix bitmap_ffu out of range read
+
+---
+ include/jemalloc/internal/bitmap.h | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/include/jemalloc/internal/bitmap.h b/include/jemalloc/internal/bitmap.h
+index dc19454..a89b31f 100644
+--- a/include/jemalloc/internal/bitmap.h
++++ b/include/jemalloc/internal/bitmap.h
+@@ -283,14 +283,17 @@ bitmap_ffu(const bitmap_t *bitmap, const bitmap_info_t *binfo, size_t min_bit) {
+ bitmap_t g = bitmap[i] & ~((1LU << (min_bit & BITMAP_GROUP_NBITS_MASK))
+ - 1);
+ size_t bit;
+- do {
++ while (1) {
+ if (g != 0) {
+ bit = ffs_lu(g);
+ return (i << LG_BITMAP_GROUP_NBITS) + bit;
+ }
+ i++;
++ if (i >= binfo->ngroups) {
++ break;
++ }
+ g = bitmap[i];
+- } while (i < binfo->ngroups);
++ }
+ return binfo->nbits;
+ #endif
+ }
+--
+2.36.1.windows.1
+
diff --git a/jemalloc.spec b/jemalloc.spec
index b4f78c8..56e4a33 100644
--- a/jemalloc.spec
+++ b/jemalloc.spec
@@ -12,7 +12,7 @@
 Name: jemalloc
 Version: 5.3.0
-Release: 4
+Release: 5
 Summary: General-purpose scalable concurrent malloc implementation
 License: BSD-2-Clause
 URL: http://www.canonware.com/jemalloc/
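Review bot: The new `i >= binfo->ngroups` guard only protects the reads inside the loop; the first read, `bitmap_t g = bitmap[i] & ...` on the hunk's opening context line, is still unguarded, and `i` is derived from `min_bit` before this hunk, where it is presumably checked only by an `assert(min_bit < binfo->nbits)` that is compiled out in release builds. If that precondition is meant to be the caller's responsibility, say so next to the read, e.g. `/* i < ngroups: callers must pass min_bit < binfo->nbits (asserted above). */`; otherwise an early `if (min_bit >= binfo->nbits) return binfo->nbits;` makes the function safe for any input at the cost of one compare. As a point of style, `while (1)` with a `break` in the middle of the body hides the loop's real exit condition; the same logic reads more directly as a `while (g == 0)` loop that returns `binfo->nbits` when `++i` reaches `ngroups`, with the `ffs_lu` computation after it, as sketched below. bitmap_ffu starts before this hunk, so the precondition and the computation of `i` are inferred from the visible use of `min_bit` rather than from the hunk itself.
```c
	bitmap_t g = bitmap[i] & ~((1LU << (min_bit & BITMAP_GROUP_NBITS_MASK))
	    - 1);
	/* Advance to the first group at or after i that has a set bit. */
	while (g == 0) {
		if (++i >= binfo->ngroups) {
			return binfo->nbits;
		}
		g = bitmap[i];
	}
	return (i << LG_BITMAP_GROUP_NBITS) + ffs_lu(g);
	/* … unchanged: #endif and closing brace … */
```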
@@ -23,6 +23,7 @@ Patch0002: 0002-Fix-check-mallctl-setting-max_background_thread-by-0.patch
 Patch0003: 0003-Fix-possible-NULL-pointer-dereference-from-mallctl.patch
 Patch0004: 0004-Fix-possible-NULL-pointer-dereference-in-VERIFY_READ.patch
 Patch0005: 0005-Fix-purging-during-arena-migration-when-bgthd-on.patch
+Patch0006: 0006-Fix-bitmap_ffu-out-of-range-read.patch
 BuildRequires: perl-generators gcc /usr/bin/xsltproc
@@ -85,6 +86,9 @@ make check
 %{_mandir}/man3/jemalloc.3*
 %changelog
+* Sun Aug 03 2025 Piggy - 5.3.0-5
+- Fix bitmap_ffu out of range read
+
 * Thu Jul 31 2025 Piggy - 5.3.0-4
 - Fix purging during arena migration when bgthd on
-- Gitee