This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/13576] New: Free chunk in malloc may have incorrect size
- From: "hjl.tools at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Mon, 09 Jan 2012 21:12:15 +0000
- Subject: [Bug libc/13576] New: Free chunk in malloc may have incorrect size
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=13576
Bug #: 13576
Summary: Free chunk in malloc may have incorrect size
Product: glibc
Version: 2.15
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper.fsp@gmail.com
ReportedBy: hjl.tools@gmail.com
Classification: Unclassified
sYSMALLOc has
/* Setup fencepost and free the old top chunk. */
/* The fencepost takes at least MINSIZE bytes, because it might
become the top chunk again later. Note that a footer is set
up, too, although the chunk is marked in use. */
old_size -= MINSIZE;
set_head(chunk_at_offset(old_top, old_size + 2*SIZE_SZ), 0|PREV_INUSE);
if (old_size >= MINSIZE) {
set_head(chunk_at_offset(old_top, old_size), (2*SIZE_SZ)|PREV_INUSE);
set_foot(chunk_at_offset(old_top, old_size), (2*SIZE_SZ));
set_head(old_top, old_size|PREV_INUSE|NON_MAIN_ARENA);
#ifdef ATOMIC_FASTBINS
_int_free(av, old_top, 1);
#else
_int_free(av, old_top);
#endif
It may free old top chunk with size which isn't a multiple of MALLOC_ALIGNMENT
and leads to a free chunk with incorrect size.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.