This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch master updated. glibc-2.25-135-g17f487b


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  17f487b7afa7cd6c316040f3e6c86dc96b2eec30 (commit)
      from  b170d2e7ab998180abbd24fdd6c03ecb4293d000 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=17f487b7afa7cd6c316040f3e6c86dc96b2eec30

commit 17f487b7afa7cd6c316040f3e6c86dc96b2eec30
Author: DJ Delorie <dj@delorie.com>
Date:   Fri Mar 17 15:31:38 2017 -0400

    Further harden glibc malloc metadata against 1-byte overflows.
    
    Additional check for chunk_size == next->prev->chunk_size in unlink()
    
    2017-03-17  Chris Evans  <scarybeasts@gmail.com>
    
    	* malloc/malloc.c (unlink): Add consistency check between size and
    	next->prev->size, to further harden against 1-byte overflows.

diff --git a/ChangeLog b/ChangeLog
index 4bafcd1..7d5bc5d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2017-03-17  Chris Evans  <scarybeasts@gmail.com>
+
+	* malloc/malloc.c (unlink): Add consistency check between size and
+	next->prev->size, to further harden against 1-byte overflows.
+
 2017-03-17  H.J. Lu  <hongjiu.lu@intel.com>
 
 	* sysdeps/x86/cpu-features.c (init_cpu_features): Check AVX with
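
Review bot: The wording "next->prev->size" in the new ChangeLog entry does not match what the code checks. It reads like the size of a chunk reached through list pointers, while the malloc.c change compares chunksize(P) with prev_size (next_chunk(P)), that is, the prev_size field stored in the physically adjacent next chunk. Suggest phrasing it as "consistency check between the chunk's size and the next chunk's prev_size" so the entry can be matched to the code without reading the diff.
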
diff --git a/malloc/malloc.c b/malloc/malloc.c
index e29105c..994a232 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -1376,6 +1376,8 @@ typedef struct malloc_chunk *mbinptr;
 
 /* Take a chunk off a bin list */
 #define unlink(AV, P, BK, FD) {                                            \
+    if (__builtin_expect (chunksize(P) != prev_size (next_chunk(P)), 0))      \
+      malloc_printerr (check_action, "corrupted size vs. prev_size", P, AV);  \
     FD = P->fd;								      \
     BK = P->bk;								      \
     if (__builtin_expect (FD->bk != P || BK->fd != P, 0))		      \
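
Review bot: The two added lines at the top of unlink() carry no comment stating the invariant they depend on. The check assumes P is a free chunk, so that the prev_size field of next_chunk(P) is valid and equal to chunksize(P); a short comment saying so would help, since the existing comment above the macro only says "Take a chunk off a bin list". It is also worth documenting that next_chunk(P) is itself computed from P's size field, so this is a consistency test between two pieces of metadata rather than an independent integrity check, and it complements the FD->bk / BK->fd test that follows instead of replacing it. Minor style point: the new lines pad the trailing backslash with spaces while the surrounding macro lines use tabs, so the continuation column will not line up.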

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog       |    5 +++++
 malloc/malloc.c |    2 ++
 2 files changed, 7 insertions(+), 0 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

