summary refs log tree commit diff
path: root/stdlib/alloca.h
diff options
context:
space:
mode:
authorW. Hashimoto <ssmallkirby@gmail.com>2020-12-11 16:59:10 -0500
committerDJ Delorie <dj@redhat.com>2020-12-11 16:59:10 -0500
commit0e00b35704e67c499c3abfbd5b6224a13d38b012 (patch)
treef152ace4c444d59c1590e40d2ce814e442f97346 /stdlib/alloca.h
parent751acde7ec335506b54e94ed6f2c998f6c0a22c6 (diff)
downloadglibc-0e00b35704e67c499c3abfbd5b6224a13d38b012.tar.gz
glibc-0e00b35704e67c499c3abfbd5b6224a13d38b012.tar.xz
glibc-0e00b35704e67c499c3abfbd5b6224a13d38b012.zip
malloc: Detect infinite-loop in _int_free when freeing tcache [BZ#27052]
If linked-list of tcache contains a loop, it invokes infinite
loop in _int_free when freeing tcache. The PoC which invokes
such infinite loop is on the Bugzilla(#27052). This loop
should terminate when the loop exceeds mp_.tcache_count and
the program should abort. The affected glibc version is
2.29 or later.

Reviewed-by: DJ Delorie <dj@redhat.com>
Diffstat (limited to 'stdlib/alloca.h')
0 files changed, 0 insertions, 0 deletions