Bionic dlmalloc: Making dlmalloc_usable_size() thread-safe.M8960AAAAANLYA1016

dlmalloc_usable_size() does not have thread-safety mechanisms in place
while accessing dlmalloc's global  bookkeeping data structures.
dlmalloc_usable_size() is used by Bionic's level-10 memory debugger
(turned on using 'adb shell setprop libc.debug.malloc 10') in
bionic/libc/bionic/malloc_debug_leak.c. Wrong values returned by
dlmalloc_usable_size() causes the memory debugger to crash or raise a
false alarm.

Change-Id: I04a498e4e06d2f7877b25bd2bad77c3f3f029ed1

1 files changed, 16 insertions, 2 deletions

diff --git a/libc/bionic/dlmalloc.c b/libc/bionic/dlmalloc.c
index 19fbb75..6520a0c 100644..100755
--- a/libc/bionic/dlmalloc.c
+++ b/libc/bionic/dlmalloc.c
@@ -4542,8 +4542,22 @@ void dlmalloc_stats() {
 size_t dlmalloc_usable_size(void* mem) {
   if (mem != 0) {
     mchunkptr p = mem2chunk(mem);
-    if (cinuse(p))
-      return chunksize(p) - overhead_for(p);
+#if FOOTERS
+    mstate fm = get_mstate_for(p);
+    if (!ok_magic(fm)) {
+      USAGE_ERROR_ACTION(fm, p);
+      return 0;
+    }
+#else /* FOOTERS */
+#define fm gm
+#endif /* FOOTERS */
+    if (!PREACTION(fm)) {
+      size_t usable_size = 0;
+      if (cinuse(p))
+        usable_size = chunksize(p) - overhead_for(p);
+      POSTACTION(fm);
+      return usable_size;
+    }
   }
   return 0;
 }