This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] malloc: Check for large bin list corruption when inserting unsorted chunk

From: Adam Maris <amaris at redhat dot com>
To: libc-alpha at sourceware dot org
Date: Thu, 21 Feb 2019 11:40:19 +0100
Subject: Re: [PATCH] malloc: Check for large bin list corruption when inserting unsorted chunk
References: <CAJaYUCYJhSVs-xQuQhySGcqzM+zB_eFRirEc4V3nkHRWgLLKvA@mail.gmail.com> <CAJaYUCYtdgfSxcWLrezFabu3A89OeahrctrTvy=S9KfGD2tFXQ@mail.gmail.com>

On Tue, Feb 12, 2019 at 5:34 PM Adam Maris <amaris@redhat.com> wrote:
>
> On Tue, Feb 12, 2019 at 5:13 PM Adam Maris <amaris@redhat.com> wrote:
> >
> > Fixes bug 24216. This patch adds security checks for bk and bk_nextsize pointers
> > of chunks in large bin when inserting chunk from unsorted bin. It was possible
> > to write the pointer to victim (newly inserted chunk) to arbitrary memory
> > locations if bk or bk_nextsize pointers of the next large bin chunk
> > got corrupted.
> >
>
> Sending again with patch as attachment for better readability.
>

Thoughts?

References:
- [PATCH] malloc: Check for large bin list corruption when inserting unsorted chunk
  - From: Adam Maris
- Re: [PATCH] malloc: Check for large bin list corruption when inserting unsorted chunk
  - From: Adam Maris

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]