Fix dlmalloc horror bug - mman_map overwrites application code

ulib/_premain.c

@@ -5,25 +5,27 @@
 #include <errors.h>
 #include <dlmalloc/malloc.h>
 #include <uprintf.h>
+#include <log.h>
 
 extern void main(void);
 
-extern uint8_t _bss_start[];
-extern uint8_t _bss_end[];
+void clearbss(void) {
+  extern uint8_t _bss_start;
+  extern uint8_t _bss_end;
 
-void bss_clear(void) {
-  uint8_t *p = _bss_start;
-  while (p != _bss_end) {
-    *p = 0;
-    p++;
+  uint8_t *ps = &_bss_start;
+  uint8_t *pe = &_bss_end;
+  size_t sz = pe - ps;
+  for (size_t i = 0; i < sz; i++) {
+    ps[i] = 0;
   }
 }
 
-static char **_args;
-static size_t _argslen;
+char **_args;
+size_t _argslen;
 
 char **args(void) {
-  return _args;
+  return (char **)_args;
 }
 
 size_t argslen(void) {
@@ -32,7 +34,7 @@ size_t argslen(void) {
 
 // ulib initialization goes here
 void _premain(void) {
-  bss_clear();
+  clearbss();
 
   _argslen = processctl(-1, PCTL_ARGLEN, 0, 0, 0);
   _args = dlmalloc(_argslen * sizeof(*_args));
@@ -45,9 +47,8 @@ void _premain(void) {
       return;
     }
   }
-  if (processctl(-1, PCTL_ARGV, (uint64_t)_args, _argslen, 0) != E_OK) {
-    return;
-  }
+
+  processctl(-1, PCTL_ARGV, (uint64_t)_args, _argslen, 0);
 
   main();
 }

ulib/_start.S

@@ -9,4 +9,5 @@ _start:
   movq $2, %rax      // sys processctl
   movq $-1, %rdi // self magic num
   movq $0, %rsi       // kill cmd
+
   int $0x80

ulib/dlmalloc/dlmalloc_port.inc

@@ -53,24 +53,40 @@ int INITIAL_LOCK(SpinLock *sl) {
 static MLOCK_T malloc_global_mutex = { 0 };
 
 #define PAGE_SIZE 0x1000
+
+static uint8_t *heap_start = (uint8_t *)NULL;
 static uint8_t *heap_end = NULL;
 
-void *sbrk(long inc) {
+static size_t _roundpage(size_t sz) {
+  return (sz + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1);
+}
+
+void *sbrk(ptrdiff_t inc) {
+  if (!heap_end) {
+    heap_end = heap_start;
+  }
+
   if (inc == 0) {
     return heap_end;
   }
 
-  uint8_t *new_heap_end = heap_end + inc;
-  if (new_heap_end > heap_end) {
-    size_t size = new_heap_end - heap_end;
+  uint8_t *oldh = heap_end;
+  uint8_t *newh = heap_end + inc;
 
-    uint8_t *out = NULL;
-    int32_t ret = mman_map(heap_end, size, MMAN_MAP_PF_RW, 0, &out);
-    if (ret != E_OK) {
+  if (inc > 0) {
+    size_t allocsz = _roundpage((size_t)(newh - oldh));
+    uint8_t *maddr = NULL;
+    int32_t ret = mman_map(NULL, allocsz, MMAN_MAP_PF_RW, 0, &maddr);
+    if (ret != E_OK || maddr == NULL) {
       return (void *)-1;
     }
-    string_memset(out, 0, size);
+    if (!heap_start) {
+      heap_start = maddr;
+    }
+    oldh = heap_end ? heap_end : maddr;
+    heap_end = oldh + allocsz;
+  } else {
+    heap_end = newh;
   }
-  heap_end = new_heap_end;
-  return (void *)heap_end;
+  return oldh;
 }

ulib/syscall/syscall.c

@@ -21,7 +21,7 @@ uint64_t syscall(uint64_t num, uint64_t arg1, uint64_t arg2,
       [ARG4]"r"(arg4),
       [ARG5]"r"(arg5),
       [ARG6]"r"(arg6)
-    : "%rax", "%rdi", "%rsi", "%rdx", "%r10", "%r8", "%r9", "memory"
+    : "rax", "rdi", "rsi", "rdx", "r10", "r8", "r9", "memory"
   );
   return ret;
 }

ulib/system/system.c

@@ -2,6 +2,10 @@
 #include <system/system.h>
 #include <syscall/syscall.h>
 #include <sysdefs/syscall.h>
+#include <sysdefs/ioctl.h>
+#include <sysdefs/processctl.h>
+#include <sysdefs/ipcpipe.h>
+#include <uprintf.h>
 
 void debugprint(const char *string) {
   syscall(SYS_DEBUGPRINT, (uint64_t)string, 0, 0, 0, 0, 0);

ulib/util/util.h

@@ -0,0 +1,6 @@
+#ifndef ULIB_UTIL_UTIL_H_
+#define ULIB_UTIL_UTIL_H_
+
+#define ARRLEN(X) (sizeof((X))/sizeof((X)[0]))
+
+#endif // ULIB_UTIL_UTIL_H_