2010-04-03 Ulrich Drepper <drepper@redhat.com>
+ * malloc/malloc.c (_int_free): Add one more sanity check for fastbins.
+
* malloc/malloc.c (set_max_fast): Fix computation of the value.
2010-03-30 David S. Miller <davem@davemloft.net>
free_perturb (chunk2mem(p), size - SIZE_SZ);
set_fastchunks(av);
- fb = &fastbin (av, fastbin_index(size));
+ unsigned int idx = fastbin_index(size);
+ fb = &fastbin (av, idx);
#ifdef ATOMIC_FASTBINS
mchunkptr fd;
errstr = "double free or corruption (fasttop)";
goto errout;
}
+ if (old != NULL
+ && __builtin_expect (fastbin_index(chunksize(old)) != idx, 0))
+ {
+ errstr = "invalid fastbin entry (free)";
+ goto errout;
+ }
p->fd = fd = old;
}
while ((old = catomic_compare_and_exchange_val_rel (fb, p, fd)) != fd);
errstr = "double free or corruption (fasttop)";
goto errout;
}
+ if (*fb != NULL
+ && __builtin_expect (fastbin_index(chunksize(*fb)) != idx, 0))
+ {
+ errstr = "invalid fastbin entry (free)";
+ goto errout;
+ }
p->fd = *fb;
*fb = p;