OpenE2K
/
glibc
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

One more sanity check in free.

This commit is contained in:
Ulrich Drepper 2010-04-03 09:47:01 -07:00
parent 991eda1ec1
commit 90a3055e8b
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -1,5 +1,7 @@
2010-04-03 Ulrich Drepper <drepper@redhat.com>
* malloc/malloc.c (_int_free): Add one more sanity check for fastbins.
* malloc/malloc.c (set_max_fast): Fix computation of the value.
2010-03-30 David S. Miller <davem@davemloft.net>

15
malloc/malloc.c
View File

@ -4852,7 +4852,8 @@ _int_free(mstate av, mchunkptr p)
free_perturb (chunk2mem(p), size - SIZE_SZ);
set_fastchunks(av);
fb = &fastbin (av, fastbin_index(size));
unsigned int idx = fastbin_index(size);
fb = &fastbin (av, idx);
#ifdef ATOMIC_FASTBINS
mchunkptr fd;
@ -4866,6 +4867,12 @@ _int_free(mstate av, mchunkptr p)
errstr = "double free or corruption (fasttop)";
goto errout;
}
if (old != NULL
&& __builtin_expect (fastbin_index(chunksize(old)) != idx, 0))
{
errstr = "invalid fastbin entry (free)";
goto errout;
}
p->fd = fd = old;
}
while ((old = catomic_compare_and_exchange_val_rel (fb, p, fd)) != fd);
@ -4877,6 +4884,12 @@ _int_free(mstate av, mchunkptr p)
errstr = "double free or corruption (fasttop)";
goto errout;
}
if (*fb != NULL
&& __builtin_expect (fastbin_index(chunksize(*fb)) != idx, 0))
{
errstr = "invalid fastbin entry (free)";
goto errout;
}
p->fd = *fb;
*fb = p;