From 9a3a9dd8d9e03875f865a22de5296274cc18c10e Mon Sep 17 00:00:00 2001
From: Ulrich Drepper
Date: Tue, 19 Aug 2003 09:30:22 +0000
Subject: Update.

* malloc/malloc.c (_int_free): Add cheap test for some invalid block sizes.
---
 malloc/malloc.c | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'malloc')
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 5cc3473ae2..55e2cbc0cd 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4131,6 +4131,13 @@ _int_free(mstate av, Void_t* mem)
 p = mem2chunk(mem);
 size = chunksize(p);
 
+ /* Little security check which won't hurt performance: the
+ allocator never wrapps around at the end of the address space.
+ Therefore we can exclude some size values which might appear
+ here by accident or by "design" from some intruder. */
+ if ((uintptr_t) p > (uintptr_t) -size)
+ return;
+
 check_inuse_chunk(av, p);
 
 /*
-- 
cgit 1.4.1
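Review bot: The new guard in `_int_free` recognises a size that would make the chunk wrap past the end of the address space, but it then only does `return;`, so a corrupted or forged chunk header turns the free into a silent no-op: the block leaks and nothing records that the heap metadata was bad. For a check whose own comment names an intruder, failing closed is the safer response, for example `abort ();` in place of `return;` or a call into whatever error-reporting path the allocator has, so the corruption shows up in a crash report instead of being hidden. The negation is also evaluated in the type of `size` before the cast; if that type can be narrower than `uintptr_t` (its declaration is not visible in this hunk), `(uintptr_t) -size` becomes a small bound and valid high addresses would be rejected, which `-(uintptr_t) size` avoids. The comment could also say that alignment and minimum-size violations are not covered, so that readers do not take this for a complete validity check. The body of `_int_free` starts and ends outside the hunk.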