author DJ Delorie <dj@delorie.com> 2018-11-20 13:24:09 -0500
committer DJ Delorie <dj@delorie.com> 2018-11-28 15:45:42 -0500
commit b8dd0f42780a3133c02f064a2c0c5c4e7ab61aaa
tree 8d4522db7fcf8283874550eb07323b5c0398ecbf /elf
parent ce6ba630dbc96f49eb1f30366aa62261df4792f9
malloc: tcache double free check
* malloc/malloc.c (tcache_entry): Add key field.
(tcache_put): Set it.
(tcache_get): Likewise.
(_int_free): Check for double free in tcache.
* malloc/tst-tcfree1.c: New.
* malloc/tst-tcfree2.c: New.
* malloc/Makefile: Run the new tests.
* manual/probes.texi: Document memory_tcache_double_free probe.

* dlfcn/dlerror.c (check_free): Prevent double frees.

(cherry picked from commit bcdaad21d4635931d1bd3b54a7894276925d081d)

malloc: tcache: Validate tc_idx before checking for double-frees [BZ #23907]

The previous check could read beyond the end of the tcache entry
array.  If the e->key == tcache cookie check happened to pass, this
would result in crashes.

(cherry picked from commit affec03b713c82c43a5b025dddc21bde3334f41e)
Diffstat (limited to 'elf')
0 files changed, 0 insertions, 0 deletions
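
The two changes described in the commit message, shown as a toy model. This is an added example, not glibc's malloc code: toy_entry, toy_cache, toy_put, toy_get, toy_free and TOY_BINS are hypothetical names, and the model assumes that taking an entry out of the cache clears its key. The bin index is validated before the key check, so the list walk never reads past the end of the entries array.

```c
#include <stddef.h>

#define TOY_BINS 4  /* assumed bin count for this model */

typedef struct toy_entry {
    struct toy_entry *next;
    void *key;  /* points at the owning cache while the entry is cached */
} toy_entry;

typedef struct { toy_entry *entries[TOY_BINS]; } toy_cache;
enum toy_result { TOY_CACHED, TOY_DOUBLE_FREE, TOY_NOT_CACHEABLE };

/* Push e onto bin idx and mark it as cached (caller has checked idx). */
void toy_put(toy_cache *tc, toy_entry *e, size_t idx) {
    e->key = tc;
    e->next = tc->entries[idx];
    tc->entries[idx] = e;
}

/* Pop the head of bin idx and clear its mark; NULL if the bin is empty. */
toy_entry *toy_get(toy_cache *tc, size_t idx) {
    toy_entry *e = tc->entries[idx];
    if (e != NULL) {
        tc->entries[idx] = e->next;
        e->key = NULL;
    }
    return e;
}

enum toy_result toy_free(toy_cache *tc, toy_entry *e, size_t idx) {
    /* Validate idx first: the walk below reads entries[idx]. */
    if (idx >= TOY_BINS)
        return TOY_NOT_CACHEABLE;
    /* The key is only a hint, since user data can match it by chance,
       so confirm by walking the bin before reporting a double free. */
    if (e->key == tc)
        for (toy_entry *t = tc->entries[idx]; t != NULL; t = t->next)
            if (t == e)
                return TOY_DOUBLE_FREE;
    toy_put(tc, e, idx);
    return TOY_CACHED;
}

int main(void) {
    toy_cache tc = {{0}};
    toy_entry a = {0};
    toy_free(&tc, &a, 1);
    return toy_free(&tc, &a, 1) == TOY_DOUBLE_FREE ? 0 : 1;
}
```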