From: Ulrich Drepper <drepper@redhat.com>
Date: Thu, 13 Oct 2005 04:48:35 +0000 (+0000)
Subject: * malloc/malloc.c (_int_free): Fail if block size is obviously wrong.
X-Git-Tag: cvs/fedora-glibc-2_3-20051017T0259~46
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bf58906631af8fe0d57625988b1d003cc09ef01d;p=thirdparty%2Fglibc.git

* malloc/malloc.c (_int_free): Fail if block size is obviously wrong.
---

diff --git a/ChangeLog b/ChangeLog
index a956c550026..6e30d38fcb0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 2005-10-12  Ulrich Drepper  <drepper@redhat.com>
 
+	* malloc/malloc.c (_int_free): Fail if block size is obviously wrong.
+
 	* include/malloc.h: Remove _int_new_arena prototype.
 	* malloc/arena.c (_int_new_arena): Move definition ahead of
 	arena_get2 and make static.
diff --git a/malloc/malloc.c b/malloc/malloc.c
index a8bc76739f8..4ea35254bb9 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4278,6 +4278,12 @@ _int_free(mstate av, Void_t* mem)
       malloc_printerr (check_action, errstr, mem);
       return;
     }
+  /* We know that each chunk is at least MINSIZE bytes in size.  */
+  if (__builtin_expect (size < MINSIZE, 0))
+    {
+      errstr = "free(): invalid size";
+      goto errout;
+    }
 
   check_inuse_chunk(av, p);