summary refs log tree commit diff
path: root/malloc
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2014-09-10 20:29:15 +0200
committerFlorian Weimer <fweimer@redhat.com>2014-09-11 10:59:05 +0200
commit52ffbdf25a1100986f4ae27bb0febbe5a722ab25 (patch)
treead376175049819a8a4927dd9e72cf77338d3da0e /malloc
parent984c0ea97f649c869130a1ff099098e2b6f70aad (diff)
downloadglibc-52ffbdf25a1100986f4ae27bb0febbe5a722ab25.tar.gz
glibc-52ffbdf25a1100986f4ae27bb0febbe5a722ab25.tar.xz
glibc-52ffbdf25a1100986f4ae27bb0febbe5a722ab25.zip
malloc: additional unlink hardening for non-small bins [BZ #17344]
Turn two asserts into a conditional call to malloc_printerr.  The
memory locations are accessed later anyway, so the performance
impact is minor.
Diffstat (limited to 'malloc')
-rw-r--r--malloc/malloc.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 6ee38401dd..6cbe9f32f8 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -1418,8 +1418,10 @@ typedef struct malloc_chunk *mbinptr;
         BK->fd = FD;							      \
         if (!in_smallbin_range (P->size)				      \
             && __builtin_expect (P->fd_nextsize != NULL, 0)) {		      \
-            assert (P->fd_nextsize->bk_nextsize == P);			      \
-            assert (P->bk_nextsize->fd_nextsize == P);			      \
+	    if (__builtin_expect (P->fd_nextsize->bk_nextsize != P, 0)	      \
+		|| __builtin_expect (P->bk_nextsize->fd_nextsize != P, 0))    \
+	      malloc_printerr (check_action,				      \
+			       "corrupted double-linked list (not small)", P);\
             if (FD->fd_nextsize == NULL) {				      \
                 if (P->fd_nextsize == P)				      \
                   FD->fd_nextsize = FD->bk_nextsize = FD;		      \