From dc165f7b0bfa73ebd64584331d0cb7c2ead66147 Mon Sep 17 00:00:00 2001
From: Ulrich Drepper <drepper@redhat.com>
Date: Fri, 10 Dec 2004 01:36:18 +0000
Subject: Update.

2004-12-09  Ulrich Drepper  <drepper@redhat.com>

	* malloc/malloc.c (public_rEALLOc): Add parameter checks.
	(_int_free): Provide better error message for invalid pointers.
---
 ChangeLog              |  5 +++++
 linuxthreads/ChangeLog | 17 +++++++++++++++++
 malloc/malloc.c        | 15 +++++++++++++--
 3 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index bf314a9058..2ad9fce392 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2004-12-09  Ulrich Drepper  <drepper@redhat.com>
+
+	* malloc/malloc.c (public_rEALLOc): Add parameter checks.
+	(_int_free): Provide better error message for invalid pointers.
+
 2004-12-01  Jakub Jelinek  <jakub@redhat.com>
 
 	* posix/tst-regex.c: Use defined _POSIX_CPUTIME && _POSIX_CPUTIME >= 0
diff --git a/linuxthreads/ChangeLog b/linuxthreads/ChangeLog
index a6cb7eb9c8..261b5db6a2 100644
--- a/linuxthreads/ChangeLog
+++ b/linuxthreads/ChangeLog
@@ -1,3 +1,20 @@
+2004-12-01  Jakub Jelinek  <jakub@redhat.coM.
+
+	* sysdeps/unix/sysv/linux/bits/posix_opt.h (_POSIX_CPUTIME,
+	_POSIX_THREAD_CPUTIME): Define to 0.
+	* sysdeps/pthread/timer_create.c (timer_create): Remove unused code
+	handling CLOCK_PROCESS_CPUTIME_ID and CLOCK_THREAD_CPUTIME_ID.
+	* sysdeps/pthread/timer_routines.c (__timer_signal_thread_pclk,
+	__timer_signal_thread_tclk): Remove.
+	(init_module): Remove their initialization.
+	(thread_cleanup): Remove their cleanup assertions.
+	* sysdeps/pthread/posix-timer.h (__timer_signal_thread_pclk,
+	__timer_signal_thread_tclk): Remove.
+	* sysdeps/unix/sysv/linux/i386/bits/posix_opt.h: Removed.
+	* sysdeps/unix/sysv/linux/ia64/bits/posix_opt.h: Removed.
+	* sysdeps/unix/sysv/linux/x86_64/bits/posix_opt.h: Removed.
+	* tst-clock1.c (do_test): Check for availability of CPU clock.
+
 2004-11-18  Daniel Jacobowitz  <dan@codesourcery.com>
 
 	* sysdeps/unix/sysv/linux/arm/sysdep-cancel.h: Update RETINSTR use.
diff --git a/malloc/malloc.c b/malloc/malloc.c
index b62ffb57c0..cf1b935ffd 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3434,6 +3434,17 @@ public_rEALLOc(Void_t* oldmem, size_t bytes)
   oldp    = mem2chunk(oldmem);
   oldsize = chunksize(oldp);
 
+  /* Little security check which won't hurt performance: the
+     allocator never wrapps around at the end of the address space.
+     Therefore we can exclude some size values which might appear
+     here by accident or by "design" from some intruder.  */
+  if (__builtin_expect ((uintptr_t) oldp > (uintptr_t) -oldsize, 0)
+      || __builtin_expect ((uintptr_t) oldp & MALLOC_ALIGN_MASK, 0))
+    {
+      malloc_printerr (check_action, "realloc(): invalid pointer", oldmem);
+      return NULL;
+    }
+
   checked_request2size(bytes, nb);
 
 #if HAVE_MMAP
@@ -4205,7 +4216,6 @@ _int_free(mstate av, Void_t* mem)
   mchunkptr       bck;         /* misc temp for linking */
   mchunkptr       fwd;         /* misc temp for linking */
 
-
   const char *errstr = NULL;
 
   p = mem2chunk(mem);
@@ -4215,7 +4225,8 @@ _int_free(mstate av, Void_t* mem)
      allocator never wrapps around at the end of the address space.
      Therefore we can exclude some size values which might appear
      here by accident or by "design" from some intruder.  */
-  if (__builtin_expect ((uintptr_t) p > (uintptr_t) -size, 0))
+  if (__builtin_expect ((uintptr_t) p > (uintptr_t) -size, 0)
+      || __builtin_expect ((uintptr_t) p & MALLOC_ALIGN_MASK, 0))
     {
       errstr = "free(): invalid pointer";
     errout:
-- 
cgit v1.2.3