* malloc/malloc.c (_int_free): Fail if block size is obviously wrong.

author: Ulrich Drepper <drepper@redhat.com> 2005-10-13 04:48:35 +0000
committer: Ulrich Drepper <drepper@redhat.com> 2005-10-13 04:48:35 +0000
commit: bf58906631af8fe0d57625988b1d003cc09ef01d (patch)
tree: bece252e69676134a5c51316326d8d3821c12a47
parent: 04ec80e410b4efb0576a2ffd0d2f29ed1fdac451 (diff)
download: glibc-bf58906631af8fe0d57625988b1d003cc09ef01d.tar
glibc-bf58906631af8fe0d57625988b1d003cc09ef01d.tar.gz
glibc-bf58906631af8fe0d57625988b1d003cc09ef01d.tar.bz2
glibc-bf58906631af8fe0d57625988b1d003cc09ef01d.zip
2 files changed, 8 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index a956c55002..6e30d38fcb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 2005-10-12  Ulrich Drepper  <drepper@redhat.com>
 
+	* malloc/malloc.c (_int_free): Fail if block size is obviously wrong.
+
 	* include/malloc.h: Remove _int_new_arena prototype.
 	* malloc/arena.c (_int_new_arena): Move definition ahead of
 	arena_get2 and make static.
diff --git a/malloc/malloc.c b/malloc/malloc.c
index a8bc76739f..4ea35254bb 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4278,6 +4278,12 @@ _int_free(mstate av, Void_t* mem)
       malloc_printerr (check_action, errstr, mem);
       return;
     }
+  /* We know that each chunk is at least MINSIZE bytes in size.  */
+  if (__builtin_expect (size < MINSIZE, 0))
+    {
+      errstr = "free(): invalid size";
+      goto errout;
+    }
 
   check_inuse_chunk(av, p);
author	Ulrich Drepper <drepper@redhat.com>	2005-10-13 04:48:35 +0000
committer	Ulrich Drepper <drepper@redhat.com>	2005-10-13 04:48:35 +0000
commit	bf58906631af8fe0d57625988b1d003cc09ef01d (patch)
tree	bece252e69676134a5c51316326d8d3821c12a47
parent	04ec80e410b4efb0576a2ffd0d2f29ed1fdac451 (diff)
download	glibc-bf58906631af8fe0d57625988b1d003cc09ef01d.tar glibc-bf58906631af8fe0d57625988b1d003cc09ef01d.tar.gz glibc-bf58906631af8fe0d57625988b1d003cc09ef01d.tar.bz2 glibc-bf58906631af8fe0d57625988b1d003cc09ef01d.zip