authorFlorian Weimer <fweimer@redhat.com>2014-09-10 20:29:15 +0200
committerFlorian Weimer <fweimer@redhat.com>2014-09-11 10:59:05 +0200
commit52ffbdf25a1100986f4ae27bb0febbe5a722ab25 (patch)
treead376175049819a8a4927dd9e72cf77338d3da0e
parent984c0ea97f649c869130a1ff099098e2b6f70aad (diff)
malloc: additional unlink hardening for non-small bins [BZ #17344]
Turn two asserts into a conditional call to malloc_printerr. The memory locations are accessed later anyway, so the performance impact is minor.
-rw-r--r--ChangeLog6
-rw-r--r--NEWS2
-rw-r--r--malloc/malloc.c6
3 files changed, 11 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 0377062..71c9671 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2014-09-11 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #17344]
+ * malloc/malloc.c (unlink): Turn asserts into a call to
+ malloc_printerr.
+
2014-09-11 Tim Lammens <tim.lammens@gmail.com>
[BZ #17370]
diff --git a/NEWS b/NEWS
index c607d12..680c265 100644
--- a/NEWS
+++ b/NEWS
@@ -29,7 +29,7 @@ Version 2.20
16966, 16967, 16977, 16978, 16984, 16990, 16996, 17009, 17022, 17031,
17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078, 17079,
17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150, 17153,
- 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17354.
+ 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17344, 17354.
* Reverted change of ABI data structures for s390 and s390x:
On s390 and s390x the size of struct ucontext and jmp_buf was increased in
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 6ee3840..6cbe9f3 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -1418,8 +1418,10 @@ typedef struct malloc_chunk *mbinptr;
BK->fd = FD; \
if (!in_smallbin_range (P->size) \
&& __builtin_expect (P->fd_nextsize != NULL, 0)) { \
- assert (P->fd_nextsize->bk_nextsize == P); \
- assert (P->bk_nextsize->fd_nextsize == P); \
+ if (__builtin_expect (P->fd_nextsize->bk_nextsize != P, 0) \
+ || __builtin_expect (P->bk_nextsize->fd_nextsize != P, 0)) \
+ malloc_printerr (check_action, \
+ "corrupted double-linked list (not small)", P);\
if (FD->fd_nextsize == NULL) { \
if (P->fd_nextsize == P) \
FD->fd_nextsize = FD->bk_nextsize = FD; \
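Review bot: The added check on `P->fd_nextsize->bk_nextsize` / `P->bk_nextsize->fd_nextsize` has no `else`, so if malloc_printerr returns, the relinking that begins at `if (FD->fd_nextsize == NULL) {` still runs and writes through the nextsize pointers that were just found inconsistent. Whether it returns depends on `check_action`, which presumably can be set to report without aborting; in that mode the hardening logs the corruption but does not stop the write. I would guard the rest of the nextsize update by following the malloc_printerr call with `else {` and closing the brace after the relinking, or add a comment stating why falling through is acceptable. The unlink macro starts and ends outside this hunk, so the closing brace would land beyond the visible lines.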