From bf58906631af8fe0d57625988b1d003cc09ef01d Mon Sep 17 00:00:00 2001
From: Ulrich Drepper
Date: Thu, 13 Oct 2005 04:48:35 +0000
Subject: [PATCH] * malloc/malloc.c (_int_free): Fail if block size is obviously wrong.
---
 ChangeLog | 2 ++
 malloc/malloc.c | 6 ++++++
 2 files changed, 8 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index a956c55002..6e30d38fcb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 2005-10-12 Ulrich Drepper
+ * malloc/malloc.c (_int_free): Fail if block size is obviously wrong.
+
 * include/malloc.h: Remove _int_new_arena prototype.
 * malloc/arena.c (_int_new_arena): Move definition ahead of arena_get2 and make static.
diff --git a/malloc/malloc.c b/malloc/malloc.c
index a8bc76739f..4ea35254bb 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4278,6 +4278,12 @@ _int_free(mstate av, Void_t* mem)
 malloc_printerr (check_action, errstr, mem);
 return;
 }
+ /* We know that each chunk is at least MINSIZE bytes in size. */
+ if (__builtin_expect (size < MINSIZE, 0))
+ {
+ errstr = "free(): invalid size";
+ goto errout;
+ }
 check_inuse_chunk(av, p);
-- 
2.43.5
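Review bot: The new test in `_int_free` rejects only a size below `MINSIZE`, so a size that is large enough but not a multiple of the allocation alignment still passes and reaches `check_inuse_chunk` and whatever follows it. `size` is presumably taken from the chunk header, which is exactly the field a write past the end of a neighbouring allocation damages, so the same branch could reject misaligned values as well: `if (__builtin_expect (size < MINSIZE || !aligned_OK (size), 0))`. The comment would also help more if it stated the intent, for example `/* A size below MINSIZE can never come from malloc, so the chunk header must be corrupt.  */`. The `errout` label and the rest of `_int_free` lie outside the hunk, so that the error path returns before any free-list update is inferred from the three context lines above the addition.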