]> git.ipfire.org Git - thirdparty/glibc.git/commitdiff
projects / thirdparty / glibc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3115c83)
Another version of the free checks.
authorJakub Jelinek <jakub@redhat.com>
Fri, 19 Nov 2004 00:20:40 +0000 (00:20 +0000)
committerJakub Jelinek <jakub@redhat.com>
Fri, 19 Nov 2004 00:20:40 +0000 (00:20 +0000)
malloc/malloc.c patch | blob | blame | history

diff --git a/malloc/malloc.c b/malloc/malloc.c
index 323ad84663a8fac6649fc59e60eef8830ca99688..ca7c7e59bc939e31ddd8dd7266d753ca7599b664 100644 (file)
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4233,7 +4233,7 @@ _int_free(mstate av, Void_t* mem)
 #endif
       ) {
 
-    if (__builtin_expect (chunksize (chunk_at_offset (p, size)) < 2 * SIZE_SZ,
+    if (__builtin_expect (chunksize (chunk_at_offset (p, size)) <= 2 * SIZE_SZ,
                          0)
        || __builtin_expect (chunksize (chunk_at_offset (p, size))
                             >= av->system_mem, 0))
@@ -4285,7 +4285,12 @@ _int_free(mstate av, Void_t* mem)
       }
 
     nextsize = chunksize(nextchunk);
-    assert(nextsize > 0);
+    if (__builtin_expect (nextsize <= 2 * SIZE_SZ, 0)
+       || __builtin_expect (nextsize >= av->system_mem, 0))
+      {
+       errstr = "invalid next size (normal)";
+       goto errout;
+      }
 
     /* consolidate backward */
     if (!prev_inuse(p)) {
A mirror of the official glibc repository