Update.

author Ulrich Drepper <drepper@redhat.com>

Tue, 19 Aug 2003 09:30:22 +0000 (09:30 +0000)

committer Ulrich Drepper <drepper@redhat.com>

Tue, 19 Aug 2003 09:30:22 +0000 (09:30 +0000)
author Ulrich Drepper <drepper@redhat.com>
Tue, 19 Aug 2003 09:30:22 +0000 (09:30 +0000)
committer Ulrich Drepper <drepper@redhat.com>
Tue, 19 Aug 2003 09:30:22 +0000 (09:30 +0000)
diff --git a/ChangeLog b/ChangeLog

index 32dee08..7e915a0 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
  2003-08-19  Ulrich Drepper  <drepper@redhat.com>
  
+       * malloc/malloc.c (_int_free): Add cheap test for some invalid
+       block sizes.
+
         * sysdeps/unix/sysv/linux/i386/posix_fadvise64.S: Fix typo in
         syscall name.
  
diff --git a/malloc/malloc.c b/malloc/malloc.c

index 5cc3473..55e2cbc 100644 (file)
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4131,6 +4131,13 @@ _int_free(mstate av, Void_t* mem)
      p = mem2chunk(mem);
      size = chunksize(p);
  
+    /* Little security check which won't hurt performance: the
+       allocator never wrapps around at the end of the address space.
+       Therefore we can exclude some size values which might appear
+       here by accident or by "design" from some intruder.  */
+    if ((uintptr_t) p > (uintptr_t) -size)
+      return;
+
      check_inuse_chunk(av, p);
  
      /*
author	Ulrich Drepper <drepper@redhat.com>
	Tue, 19 Aug 2003 09:30:22 +0000 (09:30 +0000)
committer	Ulrich Drepper <drepper@redhat.com>
	Tue, 19 Aug 2003 09:30:22 +0000 (09:30 +0000)
ChangeLog		patch \| blob \| history
malloc/malloc.c		patch \| blob \| history