diff options
| author | Jakub Jelinek <jakub@redhat.com> | 2004-11-19 00:20:40 +0000 |
|---|---|---|
| committer | Jakub Jelinek <jakub@redhat.com> | 2004-11-19 00:20:40 +0000 |
| commit | 5a312412f24a282cb24e762a33916484402c374b (patch) | |
| tree | c5844b51ee716df72e94a2145baf861e9540d162 | |
| parent | 3115c839ed6794e4112ed74f768b7ab5542693b5 (diff) | |
| download | glibc-5a312412f24a282cb24e762a33916484402c374b.tar.gz glibc-5a312412f24a282cb24e762a33916484402c374b.tar.xz glibc-5a312412f24a282cb24e762a33916484402c374b.zip | |
Another version of the free checks.
| -rw-r--r-- | malloc/malloc.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/malloc/malloc.c b/malloc/malloc.c index 323ad84663..ca7c7e59bc 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -4233,7 +4233,7 @@ _int_free(mstate av, Void_t* mem) #endif ) { - if (__builtin_expect (chunksize (chunk_at_offset (p, size)) < 2 * SIZE_SZ, + if (__builtin_expect (chunksize (chunk_at_offset (p, size)) <= 2 * SIZE_SZ, 0) || __builtin_expect (chunksize (chunk_at_offset (p, size)) >= av->system_mem, 0)) @@ -4285,7 +4285,12 @@ _int_free(mstate av, Void_t* mem) } nextsize = chunksize(nextchunk); - assert(nextsize > 0); + if (__builtin_expect (nextsize <= 2 * SIZE_SZ, 0) + || __builtin_expect (nextsize >= av->system_mem, 0)) + { + errstr = "invalid next size (normal)"; + goto errout; + } /* consolidate backward */ if (!prev_inuse(p)) { |