authorUlrich Drepper <drepper@redhat.com>2004-12-14 21:18:36 +0000
committerUlrich Drepper <drepper@redhat.com>2004-12-14 21:18:36 +0000
commitb102cfc2f96ac88aa75ed558c1d4d664c1365292 (patch)
tree3a483f7d80ebcf79b459df9a1bcdccfa8757ed38
parent1f7d96933e7e8b720e1034187656011a59b3b03c (diff)
[BZ #457]
Update. 2004-10-19 Wolfram Gloger <wg@malloc.de> * malloc/hooks.c (mem2chunk_check, top_check): Handle non-contiguous arena. Reported by Michael Dalton <mwdalton@stanford.edu> [BZ #457]. Add further checks for top chunk.
-rw-r--r--ChangeLog6
-rw-r--r--malloc/hooks.c22
2 files changed, 20 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index 12a7011..a33df5d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2004-10-19 Wolfram Gloger <wg@malloc.de>
+
+ * malloc/hooks.c (mem2chunk_check, top_check): Handle
+ non-contiguous arena. Reported by Michael Dalton
+ <mwdalton@stanford.edu> [BZ #457]. Add further checks for top chunk.
+
2004-12-14 Jakub Jelinek <jakub@redhat.com>
* sysdeps/posix/sysconf.c (__sysconf_check_spec): Remove leading
diff --git a/malloc/hooks.c b/malloc/hooks.c
index 8a94fd0..a5c97f3 100644
--- a/malloc/hooks.c
+++ b/malloc/hooks.c
@@ -157,15 +157,16 @@ mem2chunk_check(mem) Void_t* mem;
if(!aligned_OK(mem)) return NULL;
p = mem2chunk(mem);
- if( (char*)p>=mp_.sbrk_base &&
- (char*)p<(mp_.sbrk_base+main_arena.system_mem) ) {
+ if (!chunk_is_mmapped(p)) {
/* Must be a chunk in conventional heap memory. */
- if(chunk_is_mmapped(p) ||
- ( (sz = chunksize(p)),
- ((char*)p + sz)>=(mp_.sbrk_base+main_arena.system_mem) ) ||
+ int contig = contiguous(&main_arena);
+ sz = chunksize(p);
+ if((contig &&
+ ((char*)p<mp_.sbrk_base ||
+ ((char*)p + sz)>=(mp_.sbrk_base+main_arena.system_mem) )) ||
sz<MINSIZE || sz&MALLOC_ALIGN_MASK || !inuse(p) ||
( !prev_inuse(p) && (p->prev_size&MALLOC_ALIGN_MASK ||
- (long)prev_chunk(p)<(long)mp_.sbrk_base ||
+ (contig && (char*)prev_chunk(p)<mp_.sbrk_base) ||
next_chunk(prev_chunk(p))!=p) ))
return NULL;
magic = MAGICBYTE(p);
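Review bot: With a non-contiguous main arena the condition starting at `if((contig &&` skips both range tests, so `inuse(p)` reads the header at `p + sz` and `next_chunk(prev_chunk(p))` reads at `p - p->prev_size` using sizes from a header that has not yet been bounded. In the contiguous case, short-circuit evaluation runs the sbrk_base comparisons before those reads. In the non-contiguous case only the MINSIZE and alignment tests precede them, so a corrupted size field can make the checker itself read outside the heap. I would at least record this limit next to `int contig`, e.g. `/* Non-contiguous arena: no address range is known, so sz and prev_size are only checked for size/alignment before being followed; the magic byte is the remaining guard. */`. mem2chunk_check starts before and continues past this hunk, so the mmapped branch is not visible here.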
@@ -213,8 +214,13 @@ top_check()
INTERNAL_SIZE_T front_misalign, sbrk_size;
unsigned long pagesz = malloc_getpagesize;
- if((char*)t + chunksize(t) == mp_.sbrk_base + main_arena.system_mem ||
- t == initial_top(&main_arena)) return 0;
+ if (t == initial_top(&main_arena) ||
+ (!chunk_is_mmapped(t) &&
+ chunksize(t)>=MINSIZE &&
+ prev_inuse(t) &&
+ (!contiguous(&main_arena) ||
+ (char*)t + chunksize(t) == mp_.sbrk_base + main_arena.system_mem)))
+ return 0;
malloc_printerr (check_action, "malloc: top chunk is corrupt", t);
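Review bot: When `contiguous(&main_arena)` is false, the new condition accepts any top chunk whose size is at least MINSIZE with the prev-inuse bit set and the mmapped bit clear, so an overwritten size field that is merely too large still passes. An upper bound that does not depend on contiguity would close that gap, for example adding `chunksize(t) <= main_arena.system_mem &&` beside the `chunksize(t)>=MINSIZE` test. This assumes system_mem counts all memory the main arena has obtained from the system, which should be confirmed against the arena accounting before relying on it. top_check starts before this hunk, and its recovery path after `malloc_printerr` continues past it.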