authorUlrich Drepper <drepper@redhat.com>2003-08-19 09:30:22 +0000
committerUlrich Drepper <drepper@redhat.com>2003-08-19 09:30:22 +0000
commit9a3a9dd8d9e03875f865a22de5296274cc18c10e (patch)
tree7680f49cc29b1f7ba4b3f0ebaaafb046f91395b2
parent75f2e0d10985cfb8a4dc36613d1aa76952079bd2 (diff)
Update.
* malloc/malloc.c (_int_free): Add cheap test for some invalid block sizes.
-rw-r--r--ChangeLog3
-rw-r--r--malloc/malloc.c7
2 files changed, 10 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 32dee08..7e915a0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
2003-08-19 Ulrich Drepper <drepper@redhat.com>
+ * malloc/malloc.c (_int_free): Add cheap test for some invalid
+ block sizes.
+
* sysdeps/unix/sysv/linux/i386/posix_fadvise64.S: Fix typo in
syscall name.
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 5cc3473..55e2cbc 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4131,6 +4131,13 @@ _int_free(mstate av, Void_t* mem)
p = mem2chunk(mem);
size = chunksize(p);
+ /* Little security check which won't hurt performance: the
+ allocator never wrapps around at the end of the address space.
+ Therefore we can exclude some size values which might appear
+ here by accident or by "design" from some intruder. */
+ if ((uintptr_t) p > (uintptr_t) -size)
+ return;
+
check_inuse_chunk(av, p);
/*
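Review bot: The new guard `if ((uintptr_t) p > (uintptr_t) -size)` ends in a bare `return;`, so a chunk header that is corrupted or forged is dropped without any diagnostic and the process keeps running on a heap already known to be inconsistent. Failing loudly at the point of detection would make the corruption visible, for example `abort ();` in place of `return;`, or whatever error-reporting path this file offers (none is visible in the hunk). The test only rejects sizes for which `p + size` would wrap past the end of the address space; misaligned or implausibly small sizes still pass it, and the comment should say so, e.g. `/* Only catches sizes that would wrap; other invalid sizes are not detected here. */`. The comment also has a typo, `wrapps` for `wraps`. The body of _int_free starts and continues outside the hunk.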