diff options
author | Ulrich Drepper <drepper@redhat.com> | 2004-11-20 04:45:06 +0000 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 2004-11-20 04:45:06 +0000 |
commit | 6cce65407e2fc5015c69bb38741d6942b3e412c3 (patch) | |
tree | e8ce13071301d740bb358dcb12890b205a9d194b | |
parent | 893e609847a2f372970e349e0cede2e8529bea71 (diff) | |
download | glibc-6cce65407e2fc5015c69bb38741d6942b3e412c3.tar.gz glibc-6cce65407e2fc5015c69bb38741d6942b3e412c3.tar.xz glibc-6cce65407e2fc5015c69bb38741d6942b3e412c3.zip |
Update.
* malloc/malloc.c (_int_malloc): Check for corruption of chunk which is about to be returned.
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | malloc/malloc.c | 10 |
2 files changed, 12 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog index ae8cc2e29b..a5cd019f9d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,8 @@ 2004-11-19 Ulrich Drepper <drepper@redhat.com> + * malloc/malloc.c (_int_malloc): Check for corruption of chunk + which is about to be returned. + * malloc/malloc.c (_int_free): Add a few more cheap tests for corruption. diff --git a/malloc/malloc.c b/malloc/malloc.c index d6810be7f6..b62ffb57c0 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -3840,8 +3840,12 @@ _int_malloc(mstate av, size_t bytes) */ if ((unsigned long)(nb) <= (unsigned long)(av->max_fast)) { - fb = &(av->fastbins[(fastbin_index(nb))]); + long int idx = fastbin_index(nb); + fb = &(av->fastbins[idx]); if ( (victim = *fb) != 0) { + if (__builtin_expect (fastbin_index (chunksize (victim)) != idx, 0)) + malloc_printerr (check_action, "malloc(): memory corruption (fast)", + chunk2mem (victim)); *fb = victim->fd; check_remalloced_chunk(av, victim, nb); return chunk2mem(victim); @@ -3911,6 +3915,10 @@ _int_malloc(mstate av, size_t bytes) while ( (victim = unsorted_chunks(av)->bk) != unsorted_chunks(av)) { bck = victim->bk; + if (__builtin_expect (victim->size <= 2 * SIZE_SZ, 0) + || __builtin_expect (victim->size > av->system_mem, 0)) + malloc_printerr (check_action, "malloc(): memory corruption", + chunk2mem (victim)); size = chunksize(victim); /* |