This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] malloc: Check for large bin list corruption when inserting unsorted chunk
- From: Adam Maris <amaris at redhat dot com>
- To: libc-alpha at sourceware dot org
- Date: Thu, 21 Feb 2019 11:40:19 +0100
- Subject: Re: [PATCH] malloc: Check for large bin list corruption when inserting unsorted chunk
- References: <CAJaYUCYJhSVs-xQuQhySGcqzM+zB_eFRirEc4V3nkHRWgLLKvA@mail.gmail.com> <CAJaYUCYtdgfSxcWLrezFabu3A89OeahrctrTvy=S9KfGD2tFXQ@mail.gmail.com>
On Tue, Feb 12, 2019 at 5:34 PM Adam Maris <amaris@redhat.com> wrote:
>
> On Tue, Feb 12, 2019 at 5:13 PM Adam Maris <amaris@redhat.com> wrote:
> >
> > Fixes bug 24216. This patch adds security checks for bk and bk_nextsize pointers
> > of chunks in large bin when inserting chunk from unsorted bin. It was possible
> > to write the pointer to victim (newly inserted chunk) to arbitrary memory
> > locations if bk or bk_nextsize pointers of the next large bin chunk
> > got corrupted.
> >
>
> Sending again with patch as attachment for better readability.
>
Thoughts?