From 85cfbc035370d2a3715ea9de3e590ba83fae52d1 Mon Sep 17 00:00:00 2001
From: Zhiqiang Zhang <zhangzhiqiang.zhang@huawei.com>
Date: Wed, 18 Mar 2015 18:44:50 +0800
Subject: malloc: checked_request2size failure deadlocks

For some rarely cases(almost App bugs), calling malloc with
a very largre size, checked_request2size check will fail,set
ENOMEM, and return 0 to caller.

But this will let __malloc_lock futex locked and owned by the
caller. In multithread circumstance, other thread calling
malloc/calloc will NOT succeed and get locked.

Signed-off-by: Zhiqiang Zhang <zhangzhiqiang.zhang@huawei.com>
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
---
 libc/stdlib/malloc-standard/malloc.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'libc/stdlib/malloc-standard/malloc.c')

diff --git a/libc/stdlib/malloc-standard/malloc.c b/libc/stdlib/malloc-standard/malloc.c
index 2abb5bbdd..fd33b50c7 100644
--- a/libc/stdlib/malloc-standard/malloc.c
+++ b/libc/stdlib/malloc-standard/malloc.c
@@ -832,8 +832,6 @@ void* malloc(size_t bytes)
     }
 #endif
 
-    __MALLOC_LOCK;
-    av = get_malloc_state();
     /*
        Convert request size to internal form by adding (sizeof(size_t)) bytes
        overhead plus possibly more to obtain necessary alignment and/or
@@ -845,6 +843,9 @@ void* malloc(size_t bytes)
 
     checked_request2size(bytes, nb);
 
+    __MALLOC_LOCK;
+    av = get_malloc_state();
+
     /*
        Bypass search if no frees yet
        */
-- 
cgit v1.2.3