1 files changed, 53 insertions, 0 deletions

diff --git a/main/musl/0005-mitigate-vsz-explotion.patch b/main/musl/0005-mitigate-vsz-explotion.patch
new file mode 100644
index 0000000000..93e4a883df
--- /dev/null
+++ b/main/musl/0005-mitigate-vsz-explotion.patch
@@ -0,0 +1,53 @@
+diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c
+index eb68d55..b90636c 100644
+--- a/src/malloc/malloc.c
++++ b/src/malloc/malloc.c
+@@ -464,18 +464,6 @@ void free(void *p)
+ 	if (next->psize != self->csize) a_crash();
+ 
+ 	for (;;) {
+-		/* Replace middle of large chunks with fresh zero pages */
+-		if (reclaim && (self->psize & next->csize & C_INUSE)) {
+-			uintptr_t a = (uintptr_t)self + SIZE_ALIGN+PAGE_SIZE-1 & -PAGE_SIZE;
+-			uintptr_t b = (uintptr_t)next - SIZE_ALIGN & -PAGE_SIZE;
+-#if 1
+-			__madvise((void *)a, b-a, MADV_DONTNEED);
+-#else
+-			__mmap((void *)a, b-a, PROT_READ|PROT_WRITE,
+-				MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED, -1, 0);
+-#endif
+-		}
+-
+ 		if (self->psize & next->csize & C_INUSE) {
+ 			self->csize = final_size | C_INUSE;
+ 			next->psize = final_size | C_INUSE;
+@@ -505,6 +493,9 @@ void free(void *p)
+ 		}
+ 	}
+ 
++	if (!(mal.binmap & 1ULL<<i))
++		a_or_64(&mal.binmap, 1ULL<<i);
++
+ 	self->csize = final_size;
+ 	next->psize = final_size;
+ 	unlock(mal.free_lock);
+@@ -514,8 +505,17 @@ void free(void *p)
+ 	self->next->prev = self;
+ 	self->prev->next = self;
+ 
+-	if (!(mal.binmap & 1ULL<<i))
+-		a_or_64(&mal.binmap, 1ULL<<i);
++	/* Replace middle of large chunks with fresh zero pages */
++	if (reclaim) {
++		uintptr_t a = (uintptr_t)self + SIZE_ALIGN+PAGE_SIZE-1 & -PAGE_SIZE;
++		uintptr_t b = (uintptr_t)next - SIZE_ALIGN & -PAGE_SIZE;
++#if 1
++		__madvise((void *)a, b-a, MADV_DONTNEED);
++#else
++		__mmap((void *)a, b-a, PROT_READ|PROT_WRITE,
++			MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED, -1, 0);
++#endif
++	}
+ 
+ 	unlock_bin(i);
+ }