aboutsummaryrefslogtreecommitdiff
path: root/malloc/malloc.c
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2017-08-30 16:39:41 +0200
committerFlorian Weimer <fweimer@redhat.com>2017-08-30 16:39:41 +0200
commitec2c1fcefb200c6cb7e09553f3c6af8815013d83 (patch)
tree6da867b8b565f3d200688016fef68d8de42f9ae1 /malloc/malloc.c
parent9ce673b69e82578044958f66d93dcaddb23f6e95 (diff)
downloadglibc-ec2c1fcefb200c6cb7e09553f3c6af8815013d83.zip
glibc-ec2c1fcefb200c6cb7e09553f3c6af8815013d83.tar.gz
glibc-ec2c1fcefb200c6cb7e09553f3c6af8815013d83.tar.bz2
malloc: Abort on heap corruption, without a backtrace [BZ #21754]
The stack trace printing caused deadlocks and has been itself been targeted by code execution exploits.
Diffstat (limited to 'malloc/malloc.c')
-rw-r--r--malloc/malloc.c23
1 files changed, 4 insertions, 19 deletions
diff --git a/malloc/malloc.c b/malloc/malloc.c
index e3ff778..d290fde 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -1019,7 +1019,8 @@ static void* _int_realloc(mstate, mchunkptr, INTERNAL_SIZE_T,
static void* _int_memalign(mstate, size_t, size_t);
static void* _mid_memalign(size_t, size_t, void *);
-static void malloc_printerr(int action, const char *str, void *ptr, mstate av);
+static void malloc_printerr(int action, const char *str, void *ptr, mstate av)
+ __attribute__ ((noreturn));
static void* internal_function mem2mem_check(void *p, size_t sz);
static int internal_function top_check(void);
@@ -5408,24 +5409,8 @@ malloc_printerr (int action, const char *str, void *ptr, mstate ar_ptr)
if (ar_ptr)
set_arena_corrupt (ar_ptr);
- if ((action & 5) == 5)
- __libc_message ((action & 2) ? (do_abort | do_backtrace) : do_message,
- "%s\n", str);
- else if (action & 1)
- {
- char buf[2 * sizeof (uintptr_t) + 1];
-
- buf[sizeof (buf) - 1] = '\0';
- char *cp = _itoa_word ((uintptr_t) ptr, &buf[sizeof (buf) - 1], 16, 0);
- while (cp > buf)
- *--cp = '0';
-
- __libc_message ((action & 2) ? (do_abort | do_backtrace) : do_message,
- "*** Error in `%s': %s: 0x%s ***\n",
- __libc_argv[0] ? : "<unknown>", str, cp);
- }
- else if (action & 2)
- abort ();
+ __libc_message (do_abort, "%s\n", str);
+ __builtin_unreachable ();
}
/* We need a wrapper function for one of the additions of POSIX. */