malloc: Check for large bin list corruption when inserting unsorted chunk - mirror/glibc - mirror of git://sourceware.org/git/glibc.git

diff options

author	Adam Maris <amaris@redhat.com>	2019-03-14 16:51:16 -0400
committer	DJ Delorie <dj@redhat.com>	2019-03-14 16:51:16 -0400
commit	5b06f538c5aee0389ed034f60d90a8884d6d54de (patch)
tree	fd5924d5f840d9b42e259e346ca811a7c77506d1 /scripts/sysd-rules.awk
parent	a0a0dc83173ce11ff45105fd32e5d14356cdfb9c (diff)
download	glibc-5b06f538c5aee0389ed034f60d90a8884d6d54de.tar.gz glibc-5b06f538c5aee0389ed034f60d90a8884d6d54de.tar.xz glibc-5b06f538c5aee0389ed034f60d90a8884d6d54de.zip

malloc: Check for large bin list corruption when inserting unsorted chunk

Fixes bug 24216. This patch adds security checks for bk and bk_nextsize pointers
of chunks in large bin when inserting chunk from unsorted bin. It was possible
to write the pointer to victim (newly inserted chunk) to arbitrary memory
locations if bk or bk_nextsize pointers of the next large bin chunk
got corrupted.

Diffstat (limited to 'scripts/sysd-rules.awk')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: