diff options
author | Ulrich Drepper <drepper@redhat.com> | 2003-08-19 09:30:22 +0000 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 2003-08-19 09:30:22 +0000 |
commit | 9a3a9dd8d9e03875f865a22de5296274cc18c10e (patch) | |
tree | 7680f49cc29b1f7ba4b3f0ebaaafb046f91395b2 | |
parent | 75f2e0d10985cfb8a4dc36613d1aa76952079bd2 (diff) | |
download | glibc-9a3a9dd8d9e03875f865a22de5296274cc18c10e.zip glibc-9a3a9dd8d9e03875f865a22de5296274cc18c10e.tar.gz glibc-9a3a9dd8d9e03875f865a22de5296274cc18c10e.tar.bz2 |
Update.
* malloc/malloc.c (_int_free): Add cheap test for some invalid
block sizes.
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | malloc/malloc.c | 7 |
2 files changed, 10 insertions, 0 deletions
@@ -1,5 +1,8 @@ 2003-08-19 Ulrich Drepper <drepper@redhat.com> + * malloc/malloc.c (_int_free): Add cheap test for some invalid + block sizes. + * sysdeps/unix/sysv/linux/i386/posix_fadvise64.S: Fix typo in syscall name. diff --git a/malloc/malloc.c b/malloc/malloc.c index 5cc3473..55e2cbc 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -4131,6 +4131,13 @@ _int_free(mstate av, Void_t* mem) p = mem2chunk(mem); size = chunksize(p); + /* Little security check which won't hurt performance: the + allocator never wrapps around at the end of the address space. + Therefore we can exclude some size values which might appear + here by accident or by "design" from some intruder. */ + if ((uintptr_t) p > (uintptr_t) -size) + return; + check_inuse_chunk(av, p); /* |