This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch master updated. glibc-2.28.9000-66-gd6db68e

From: dj at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 17 Aug 2018 01:28:11 -0000
Subject: GNU C Library master sources branch master updated. glibc-2.28.9000-66-gd6db68e

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  d6db68e66dff25d12c3bc5641b60cbd7fb6ab44f (commit)
      from  30a17d8c95fbfb15c52d1115803b63aaa73a285c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d6db68e66dff25d12c3bc5641b60cbd7fb6ab44f

commit d6db68e66dff25d12c3bc5641b60cbd7fb6ab44f
Author: Moritz Eckert <m.eckert@cs.ucsb.edu>
Date:   Thu Aug 16 21:08:36 2018 -0400

    malloc: Mitigate null-byte overflow attacks
    
    * malloc/malloc.c (_int_free): Check for corrupt prev_size vs size.
    (malloc_consolidate): Likewise.

diff --git a/ChangeLog b/ChangeLog
index dc72e54..1e84f9b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2018-08-16  DJ Delorie  <dj@delorie.com>
+
+	* malloc/malloc.c (_int_free): Check for corrupt prev_size vs size.
+	(malloc_consolidate): Likewise.
+
 2018-08-16  Pochang Chen  <johnchen902@gmail.com>
 
 	* malloc/malloc.c (_int_malloc.c): Verify size of top chunk.
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 9431108..7c8bf84 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4281,6 +4281,8 @@ _int_free (mstate av, mchunkptr p, int have_lock)
       prevsize = prev_size (p);
       size += prevsize;
       p = chunk_at_offset(p, -((long) prevsize));
+      if (__glibc_unlikely (chunksize(p) != prevsize))
+        malloc_printerr ("corrupted size vs. prev_size while consolidating");
       unlink(av, p, bck, fwd);
     }
 
@@ -4442,6 +4444,8 @@ static void malloc_consolidate(mstate av)
 	  prevsize = prev_size (p);
 	  size += prevsize;
 	  p = chunk_at_offset(p, -((long) prevsize));
+	  if (__glibc_unlikely (chunksize(p) != prevsize))
+	    malloc_printerr ("corrupted size vs. prev_size in fastbins");
 	  unlink(av, p, bck, fwd);
 	}
 

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog       |    5 +++++
 malloc/malloc.c |    4 ++++
 2 files changed, 9 insertions(+), 0 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]