diff options
author | Florian Weimer <fweimer@redhat.com> | 2017-08-30 16:39:41 +0200 |
---|---|---|
committer | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2017-11-28 19:07:55 +0530 |
commit | 87889967934d237b11f98945a96c46f0015445e0 (patch) | |
tree | 6f70823d782d2963d3057f787fba173b843e3f1c /malloc | |
parent | aaa2eb83b8b6623ddb9cea44445b5342f96100be (diff) | |
download | glibc-87889967934d237b11f98945a96c46f0015445e0.tar.gz glibc-87889967934d237b11f98945a96c46f0015445e0.tar.xz glibc-87889967934d237b11f98945a96c46f0015445e0.zip |
malloc: Abort on heap corruption, without a backtrace [BZ #21754]
The stack trace printing caused deadlocks and has been itself been targeted by code execution exploits. (cherry-picked from ec2c1fcefb200c6cb7e09553f3c6af8815013d83)
Diffstat (limited to 'malloc')
-rw-r--r-- | malloc/malloc.c | 23 |
1 files changed, 4 insertions, 19 deletions
diff --git a/malloc/malloc.c b/malloc/malloc.c index dd9f699d97..c91fc099a7 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -1019,7 +1019,8 @@ static void* _int_realloc(mstate, mchunkptr, INTERNAL_SIZE_T, static void* _int_memalign(mstate, size_t, size_t); static void* _mid_memalign(size_t, size_t, void *); -static void malloc_printerr(int action, const char *str, void *ptr, mstate av); +static void malloc_printerr(int action, const char *str, void *ptr, mstate av) + __attribute__ ((noreturn)); static void* internal_function mem2mem_check(void *p, size_t sz); static int internal_function top_check(void); @@ -5399,24 +5400,8 @@ malloc_printerr (int action, const char *str, void *ptr, mstate ar_ptr) if (ar_ptr) set_arena_corrupt (ar_ptr); - if ((action & 5) == 5) - __libc_message ((action & 2) ? (do_abort | do_backtrace) : do_message, - "%s\n", str); - else if (action & 1) - { - char buf[2 * sizeof (uintptr_t) + 1]; - - buf[sizeof (buf) - 1] = '\0'; - char *cp = _itoa_word ((uintptr_t) ptr, &buf[sizeof (buf) - 1], 16, 0); - while (cp > buf) - *--cp = '0'; - - __libc_message ((action & 2) ? (do_abort | do_backtrace) : do_message, - "*** Error in `%s': %s: 0x%s ***\n", - __libc_argv[0] ? : "<unknown>", str, cp); - } - else if (action & 2) - abort (); + __libc_message (do_abort, "%s\n", str); + __builtin_unreachable (); } /* We need a wrapper function for one of the additions of POSIX. */ |