From: Gabriel Corona <gabriel.corona@loria.fr>
Date: Fri, 25 Apr 2014 08:05:10 +0000 (+0200)
Subject: [mmalloc] Use mremap to expand heaps (heap collision prevention)
X-Git-Tag: v3_12~956^2~33
X-Git-Url: http://info.iut-bm.univ-fcomte.fr/pub/gitweb/simgrid.git/commitdiff_plain/ba3185d8a4f0a56804d3b1ff24e596096f06a37c

[mmalloc] Use mremap to expand heaps (heap collision prevention)

mremap() will fail instead of overwriting an existing memory mapping :
the first heap could silently overflow on the second one.
---

diff --git a/src/xbt/mmalloc/mmorecore.c b/src/xbt/mmalloc/mmorecore.c
index 9fbf7a9704..f47c53995d 100644
--- a/src/xbt/mmalloc/mmorecore.c
+++ b/src/xbt/mmalloc/mmorecore.c
@@ -109,9 +109,14 @@ void *mmorecore(struct mdesc *mdp, ssize_t size)
 
       /* Let's call mmap. Note that it is possible that mdp->top
          is 0. In this case mmap will choose the address for us */
-      mapto = mmap(mdp->top, mapbytes, PROT_READ | PROT_WRITE,
+      if(mdp->base==mdp->top)
+        mapto = mmap(mdp->top, mapbytes, PROT_READ | PROT_WRITE,
                    MAP_PRIVATE_OR_SHARED(mdp) | MAP_IS_ANONYMOUS(mdp) |
                    MAP_FIXED, MAP_ANON_OR_FD(mdp), foffset);
+      else {
+        size_t old_size = (char*)mdp->top - (char*)mdp->base;
+        mapto = mremap(mdp->base, old_size, old_size+size, 0);
+      }
 
       if (mapto == (void *) -1/* That's MAP_FAILED */) {
         char buff[1024];
@@ -124,9 +129,6 @@ void *mmorecore(struct mdesc *mdp, ssize_t size)
         abort();
       }
 
-      if (mdp->top == 0)
-        mdp->base = mdp->breakval = mapto;
-
       mdp->top = PAGE_ALIGN((char *) mdp->breakval + size);
       result = (void *) mdp->breakval;
       mdp->breakval = (char *) mdp->breakval + size;