From 362b47fe09ca9a928d444c7e2f7992f7f61bfc3e Mon Sep 17 00:00:00 2001
From: Maxim Kuvyrkov <maxim@kugelworks.com>
Date: Tue, 24 Dec 2013 09:44:50 +1300
Subject: Fix race in free() of fastbin chunk: BZ #15073

Perform sanity check only if we have_lock.  Due to lockless nature of fastbins
we need to be careful derefencing pointers to fastbin entries (chunksize(old)
in this case) in multithreaded environments.

The fix is to add have_lock to the if-condition checks.  The rest of the patch
only makes code more readable.

	* malloc/malloc.c (_int_free): Perform sanity check only if we
	have_lock.
---
 ChangeLog | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index 667b3f17a0..f3ead2e762 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2013-12-24  Maxim Kuvyrkov  <maxim@kugelworks.com>
+	    Ondřej Bílka  <neleai@seznam.cz>
+
+	[BZ #15073]
+	* malloc/malloc.c (_int_free): Perform sanity check only if we
+        have_lock.
+
 2013-12-23  Ondřej Bílka  <neleai@seznam.cz>
 
 	[BZ #12986]
-- 
cgit 1.4.1