aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2004-11-20 04:45:06 +0000
committerUlrich Drepper <drepper@redhat.com>2004-11-20 04:45:06 +0000
commit6cce65407e2fc5015c69bb38741d6942b3e412c3 (patch)
treee8ce13071301d740bb358dcb12890b205a9d194b
parent893e609847a2f372970e349e0cede2e8529bea71 (diff)
downloadglibc-6cce65407e2fc5015c69bb38741d6942b3e412c3.tar
glibc-6cce65407e2fc5015c69bb38741d6942b3e412c3.tar.gz
glibc-6cce65407e2fc5015c69bb38741d6942b3e412c3.tar.bz2
glibc-6cce65407e2fc5015c69bb38741d6942b3e412c3.zip
Update.
* malloc/malloc.c (_int_malloc): Check for corruption of chunk which is about to be returned.
-rw-r--r--ChangeLog3
-rw-r--r--malloc/malloc.c10
2 files changed, 12 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index ae8cc2e29b..a5cd019f9d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
2004-11-19 Ulrich Drepper <drepper@redhat.com>
+ * malloc/malloc.c (_int_malloc): Check for corruption of chunk
+ which is about to be returned.
+
* malloc/malloc.c (_int_free): Add a few more cheap tests for
corruption.
diff --git a/malloc/malloc.c b/malloc/malloc.c
index d6810be7f6..b62ffb57c0 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3840,8 +3840,12 @@ _int_malloc(mstate av, size_t bytes)
*/
if ((unsigned long)(nb) <= (unsigned long)(av->max_fast)) {
- fb = &(av->fastbins[(fastbin_index(nb))]);
+ long int idx = fastbin_index(nb);
+ fb = &(av->fastbins[idx]);
if ( (victim = *fb) != 0) {
+ if (__builtin_expect (fastbin_index (chunksize (victim)) != idx, 0))
+ malloc_printerr (check_action, "malloc(): memory corruption (fast)",
+ chunk2mem (victim));
*fb = victim->fd;
check_remalloced_chunk(av, victim, nb);
return chunk2mem(victim);
@@ -3911,6 +3915,10 @@ _int_malloc(mstate av, size_t bytes)
while ( (victim = unsorted_chunks(av)->bk) != unsorted_chunks(av)) {
bck = victim->bk;
+ if (__builtin_expect (victim->size <= 2 * SIZE_SZ, 0)
+ || __builtin_expect (victim->size > av->system_mem, 0))
+ malloc_printerr (check_action, "malloc(): memory corruption",
+ chunk2mem (victim));
size = chunksize(victim);
/*