diff options
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | malloc/malloc.c | 6 |
2 files changed, 8 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog index a956c55002..6e30d38fcb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2005-10-12 Ulrich Drepper <drepper@redhat.com> + * malloc/malloc.c (_int_free): Fail if block size is obviously wrong. + * include/malloc.h: Remove _int_new_arena prototype. * malloc/arena.c (_int_new_arena): Move definition ahead of arena_get2 and make static. diff --git a/malloc/malloc.c b/malloc/malloc.c index a8bc76739f..4ea35254bb 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -4278,6 +4278,12 @@ _int_free(mstate av, Void_t* mem) malloc_printerr (check_action, errstr, mem); return; } + /* We know that each chunk is at least MINSIZE bytes in size. */ + if (__builtin_expect (size < MINSIZE, 0)) + { + errstr = "free(): invalid size"; + goto errout; + } check_inuse_chunk(av, p); |