Don't use the main arena in retry path if it is corrupt

If allocation on a non-main arena fails, the main arena is used
without checking to see if it is corrupt.  Add a check that avoids the
main arena if it is corrupt.

	* malloc/arena.c (arena_get_retry): Don't use main_arena if it is
	corrupt.

diff --git a/ChangeLog b/ChangeLog
index 1b5b03e..dae71ce 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2015-08-24  Siddhesh Poyarekar  <siddhesh@redhat.com>
 
+       * malloc/arena.c (arena_get_retry): Don't use main_arena if it
+       is corrupt.
+
        * malloc/arena.c (arena_get2): Drop unused argument.
        (arena_lock): Adjust.
        (arena_get_retry): Likewise.

diff --git a/malloc/arena.c b/malloc/arena.c
index cfec94d..b44e307 100644 (file)
--- a/malloc/arena.c
+++ b/malloc/arena.c
@@ -909,6 +909,10 @@ arena_get_retry (mstate ar_ptr, size_t bytes)
   if (ar_ptr != &main_arena)
     {
       (void) mutex_unlock (&ar_ptr->mutex);
+      /* Don't touch the main arena if it is corrupt.  */
+      if (arena_is_corrupt (&main_arena))
+       return NULL;
+
       ar_ptr = &main_arena;
       (void) mutex_lock (&ar_ptr->mutex);
     }