From: Qingqing Li <liqingqing3@huawei.com>
Date: Thu, 22 Sep 2022 19:32:56 +0000 (-0400)
Subject: malloc: Print error when oldsize is not equal to the current size.
X-Git-Tag: glibc-2.37~321
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=774d43f27dbc730ee4b8b37bce4d5b3d5c0b74b6;p=thirdparty%2Fglibc.git

malloc: Print error when oldsize is not equal to the current size.

This is used to detect errors early.  The read of the oldsize is
not protected by any lock, so check this value to avoid causing
bigger mistakes.

Reviewed-by: DJ Delorie <dj@redhat.com>
---

diff --git a/malloc/malloc.c b/malloc/malloc.c
index bfe19557379..67ac661256e 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4803,7 +4803,8 @@ _int_realloc (mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize,
 
   /* oldmem size */
   if (__builtin_expect (chunksize_nomask (oldp) <= CHUNK_HDR_SZ, 0)
-      || __builtin_expect (oldsize >= av->system_mem, 0))
+      || __builtin_expect (oldsize >= av->system_mem, 0)
+      || __builtin_expect (oldsize != chunksize (oldp), 0))
     malloc_printerr ("realloc(): invalid old size");
 
   check_inuse_chunk (av, oldp);