author | Rich Felker <dalias@aerifal.cx> | 2013年07月19日 20:00:11 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2013年07月19日 20:00:11 -0400 |
commit | 8389520ed5ad6f0033d6426e21ef653fa5ca26a4 (patch) | |
tree | d953686de75caed19c0bc83ab43b258052f2016f /src/malloc/malloc.c | |
parent | 41e2fd9d529b00b8532e7170e3cdae0d5d6c6424 (diff) | |
-rw-r--r-- | src/malloc/malloc.c | 6 |
diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c
index 1a6d1493..4044eb2a 100644
--- a/src/malloc/malloc.c
+++ b/src/malloc/malloc.c
@@ -418,6 +418,9 @@ void *realloc(void *p, size_t n)
 next = NEXT_CHUNK(self);
+ /* Crash on corrupted footer (likely from buffer overflow) */
+ if (next->psize != self->csize) a_crash();
+
 /* Merge adjacent chunks if we need more space. This is not
 * a waste of time even if we fail to get enough space, because our
 * subsequent call to free would otherwise have to do the merge. */
@@ -471,6 +474,9 @@ void free(void *p)
 final_size = new_size = CHUNK_SIZE(self);
 next = NEXT_CHUNK(self);
+ /* Crash on corrupted footer (likely from buffer overflow) */
+ if (next->psize != self->csize) a_crash();
+
 for (;;) {
 /* Replace middle of large chunks with fresh zero pages */
 if (reclaim && (self->psize & next->csize & C_INUSE)) { |
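Review bot: The comment added above `if (next->psize != self->csize) a_crash();` names the symptom but not the invariant being tested or its limits, and the same applies to the identical check added to free() in the next hunk. The comparison only fires when a write past the chunk changes the size word that follows it, and `next` is presumably located from `self->csize` (NEXT_CHUNK is defined outside the hunk), so a damaged `csize` moves the read itself. The check is therefore a detection aid at realloc/free time, not a bound on the write, and the comment should say so, for example `/* An in-use chunk's csize must equal the next chunk's psize; a mismatch means the boundary was overwritten. Best effort: next is found via self->csize. */`. realloc's body starts and ends outside the hunk.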
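Review bot: The two-line footer check in free() is a verbatim copy of the one added to realloc() in the previous hunk, so the two can drift apart if the chunk layout or the failure policy changes. A single file-local definition used at both sites would keep them in step, for example `#define CHECK_FOOTER(self, next) do { if ((next)->psize != (self)->csize) a_crash(); } while (0)` (the name is only a suggestion). Its placement before the `for (;;)` loop is worth keeping, since the chunk is then validated before the loop body uses `self->psize` and `next->csize`. free's body continues outside the hunk.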