]> git.ipfire.org Git - thirdparty/glibc.git/commitdiff
projects / thirdparty / glibc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1a51e46)
malloc: Ensure that the consolidated fast chunk has a sane size.
authorIstvan Kurucsai <pistukem@gmail.com>
Fri, 12 Jan 2018 14:26:20 +0000 (15:26 +0100)
committerFlorian Weimer <fweimer@redhat.com>
Fri, 12 Jan 2018 14:26:20 +0000 (15:26 +0100)
ChangeLog patch | blob | blame | history
malloc/malloc.c patch | blob | blame | history

diff --git a/ChangeLog b/ChangeLog
index 72aaf78cf238733cd2ca36da6861a4c730cbe11e..fb280c1de58817f5d94f0b4d87d8fa1acd529c66 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2018-01-12  Istvan Kurucsai  <pistukem@gmail.com>
+
+       * malloc/malloc.c (malloc_consolidate): Add size check.
+
 2018-01-12  Florian Weimer  <fweimer@redhat.com>
 
        * support/write_message.c (write_message): Preserve errno.
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 48106f9bd455620cbaf1a30bcfbd095cb16791cc..f5aafd2c0511cd5a57174e12c2192e3fea3e0b7b 100644 (file)
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4431,6 +4431,12 @@ static void malloc_consolidate(mstate av)
     p = atomic_exchange_acq (fb, NULL);
     if (p != 0) {
       do {
+       {
+         unsigned int idx = fastbin_index (chunksize (p));
+         if ((&fastbin (av, idx)) != fb)
+           malloc_printerr ("malloc_consolidate(): invalid chunk size");
+       }
+
        check_inuse_chunk(av, p);
        nextp = p->fd;
 
A mirror of the official glibc repository