malloc: Check for large bin list corruption when inserting unsorted chunk - glibc.git - Mirror of https://sourceware.org/git/glibc.git

diff options

author	Adam Maris <amaris@redhat.com>	2019-03-14 16:51:16 -0400
committer	Arjun Shankar <arjun@redhat.com>	2019-05-02 14:29:11 +0200
commit	4a5e58827f2b6efa94ea50a9db5f3c861173837f (patch)
tree	0ff3a2c97aa52a280ca3df3a1e255ce80385d16a /sysdeps/unix/sysv/linux/socket.c
parent	38e89818335400b5593943f92a379b9c669b758c (diff)
download	glibc-4a5e58827f2b6efa94ea50a9db5f3c861173837f.tar glibc-4a5e58827f2b6efa94ea50a9db5f3c861173837f.tar.gz glibc-4a5e58827f2b6efa94ea50a9db5f3c861173837f.tar.bz2 glibc-4a5e58827f2b6efa94ea50a9db5f3c861173837f.zip

malloc: Check for large bin list corruption when inserting unsorted chunk

Fixes bug 24216. This patch adds security checks for bk and bk_nextsize pointers of chunks in large bin when inserting chunk from unsorted bin. It was possible to write the pointer to victim (newly inserted chunk) to arbitrary memory locations if bk or bk_nextsize pointers of the next large bin chunk got corrupted. (cherry picked from commit 5b06f538c5aee0389ed034f60d90a8884d6d54de)

Diffstat (limited to 'sysdeps/unix/sysv/linux/socket.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: