This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug malloc/23907] Incorrect double-free malloc tcache check disregards tcache size


https://sourceware.org/bugzilla/show_bug.cgi?id=23907

--- Comment #3 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  affec03b713c82c43a5b025dddc21bde3334f41e (commit)
      from  8ae74eadb60eb36424e4605939cef5fc966724be (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=affec03b713c82c43a5b025dddc21bde3334f41e

commit affec03b713c82c43a5b025dddc21bde3334f41e
Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon Nov 26 20:06:37 2018 +0100

    malloc: tcache: Validate tc_idx before checking for double-frees [BZ
#23907]

    The previous check could read beyond the end of the tcache entry
    array.  If the e->key == tcache cookie check happened to pass, this
    would result in crashes.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog       |    6 ++++++
 malloc/malloc.c |   52 ++++++++++++++++++++++++++--------------------------
 2 files changed, 32 insertions(+), 26 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]