projects / glibc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 011f757)
cvs-malloc-hardening
authorGNU Libc Maintainers <debian-glibc@lists.debian.org>
Sat, 2 Dec 2017 10:07:17 +0000 (10:07 +0000)
committerAurelien Jarno <aurel32@debian.org>
Sat, 2 Dec 2017 10:07:17 +0000 (10:07 +0000)
2017-03-17  Chris Evans  <scarybeasts@gmail.com>

* malloc/malloc.c (unlink): Add consistency check between size and
next->prev->size, to further harden against 1-byte overflows.

Gbp-Pq: Topic any
Gbp-Pq: Name cvs-malloc-hardening.diff

malloc/malloc.c patch | blob | history

diff --git a/malloc/malloc.c b/malloc/malloc.c
index 4e076638b00ed87cdcf81d4f356d3fb8b47b6f7d..88d1d167be3f652367e73e9176fe71a80e0f82dd 100644 (file)
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -1376,6 +1376,8 @@ typedef struct malloc_chunk *mbinptr;
 
 /* Take a chunk off a bin list */
 #define unlink(AV, P, BK, FD) {                                            \
+    if (__builtin_expect (chunksize(P) != prev_size (next_chunk(P)), 0))      \
+      malloc_printerr (check_action, "corrupted size vs. prev_size", P, AV);  \
     FD = P->fd;                                                                      \
     BK = P->bk;                                                                      \
     if (__builtin_expect (FD->bk != P || BK->fd != P, 0))                    \
Unnamed repository; edit this file 'description' to name the repository.