AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-22 21:10:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

[BZ #457]

Browse Source 
Update.
2004-10-19  Wolfram Gloger  <wg@malloc.de>

	* malloc/hooks.c (mem2chunk_check, top_check): Handle
	non-contiguous arena.  Reported by Michael Dalton
	<mwdalton@stanford.edu> [BZ #457].  Add further checks for top chunk.
This commit is contained in:
Ulrich Drepper 2004-12-14 21:18:36 +00:00
parent 1f7d96933e
commit b102cfc2f9
2 changed files with 20 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,9 @@
2004-10-19 Wolfram Gloger <wg@malloc.de>
* malloc/hooks.c (mem2chunk_check, top_check): Handle
non-contiguous arena. Reported by Michael Dalton
<mwdalton@stanford.edu> [BZ #457]. Add further checks for top chunk.
2004-12-14 Jakub Jelinek <jakub@redhat.com> 2004-12-14 Jakub Jelinek <jakub@redhat.com>
* sysdeps/posix/sysconf.c (__sysconf_check_spec): Remove leading * sysdeps/posix/sysconf.c (__sysconf_check_spec): Remove leading

22
malloc/hooks.c
View File

@ -157,15 +157,16 @@ mem2chunk_check(mem) Void_t* mem;
if(!aligned_OK(mem)) return NULL; if(!aligned_OK(mem)) return NULL;
p = mem2chunk(mem); p = mem2chunk(mem);
if( (char*)p>=mp_.sbrk_base && if (!chunk_is_mmapped(p)) {
(char*)p<(mp_.sbrk_base+main_arena.system_mem) ) {
/* Must be a chunk in conventional heap memory. */ /* Must be a chunk in conventional heap memory. */
if(chunk_is_mmapped(p) || int contig = contiguous(&main_arena);
( (sz = chunksize(p)), sz = chunksize(p);
((char*)p + sz)>=(mp_.sbrk_base+main_arena.system_mem) ) || if((contig &&
((char*)p<mp_.sbrk_base ||
((char*)p + sz)>=(mp_.sbrk_base+main_arena.system_mem) )) ||
sz<MINSIZE || sz&MALLOC_ALIGN_MASK || !inuse(p) || sz<MINSIZE || sz&MALLOC_ALIGN_MASK || !inuse(p) ||
( !prev_inuse(p) && (p->prev_size&MALLOC_ALIGN_MASK || ( !prev_inuse(p) && (p->prev_size&MALLOC_ALIGN_MASK ||
(long)prev_chunk(p)<(long)mp_.sbrk_base || (contig && (char*)prev_chunk(p)<mp_.sbrk_base) ||
next_chunk(prev_chunk(p))!=p) )) next_chunk(prev_chunk(p))!=p) ))
return NULL; return NULL;
magic = MAGICBYTE(p); magic = MAGICBYTE(p);
@ -213,8 +214,13 @@ top_check()
INTERNAL_SIZE_T front_misalign, sbrk_size; INTERNAL_SIZE_T front_misalign, sbrk_size;
unsigned long pagesz = malloc_getpagesize; unsigned long pagesz = malloc_getpagesize;
if((char*)t + chunksize(t) == mp_.sbrk_base + main_arena.system_mem || if (t == initial_top(&main_arena) ||
t == initial_top(&main_arena)) return 0; (!chunk_is_mmapped(t) &&
chunksize(t)>=MINSIZE &&
prev_inuse(t) &&
(!contiguous(&main_arena) ||
(char*)t + chunksize(t) == mp_.sbrk_base + main_arena.system_mem)))
return 0;
malloc_printerr (check_action, "malloc: top chunk is corrupt", t); malloc_printerr (check_action, "malloc: top chunk is corrupt", t);