* malloc/malloc.c (_int_free): Fail if block size is obviously wrong.

author Ulrich Drepper <drepper@redhat.com>

Thu, 13 Oct 2005 04:48:35 +0000 (04:48 +0000)

committer Ulrich Drepper <drepper@redhat.com>

Thu, 13 Oct 2005 04:48:35 +0000 (04:48 +0000)
author Ulrich Drepper <drepper@redhat.com>
Thu, 13 Oct 2005 04:48:35 +0000 (04:48 +0000)
committer Ulrich Drepper <drepper@redhat.com>
Thu, 13 Oct 2005 04:48:35 +0000 (04:48 +0000)
diff --git a/ChangeLog b/ChangeLog

index a956c55..6e30d38 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
  2005-10-12  Ulrich Drepper  <drepper@redhat.com>
  
+       * malloc/malloc.c (_int_free): Fail if block size is obviously wrong.
+
         * include/malloc.h: Remove _int_new_arena prototype.
         * malloc/arena.c (_int_new_arena): Move definition ahead of
         arena_get2 and make static.
diff --git a/malloc/malloc.c b/malloc/malloc.c

index a8bc767..4ea3525 100644 (file)
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4278,6 +4278,12 @@ _int_free(mstate av, Void_t* mem)
        malloc_printerr (check_action, errstr, mem);
        return;
      }
+  /* We know that each chunk is at least MINSIZE bytes in size.  */
+  if (__builtin_expect (size < MINSIZE, 0))
+    {
+      errstr = "free(): invalid size";
+      goto errout;
+    }
  
    check_inuse_chunk(av, p);
author	Ulrich Drepper <drepper@redhat.com>
	Thu, 13 Oct 2005 04:48:35 +0000 (04:48 +0000)
committer	Ulrich Drepper <drepper@redhat.com>
	Thu, 13 Oct 2005 04:48:35 +0000 (04:48 +0000)
ChangeLog		patch \| blob \| history
malloc/malloc.c		patch \| blob \| history