| -rw-r--r-- | src/malloc/malloc.c | 6 |
diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c index 1a6d1493..4044eb2a 100644 --- a/src/malloc/malloc.c +++ b/src/malloc/malloc.c @@ -418,6 +418,9 @@ void *realloc(void *p, size_t n) next = NEXT_CHUNK(self); + /* Crash on corrupted footer (likely from buffer overflow) */ + if (next->psize != self->csize) a_crash(); + /* Merge adjacent chunks if we need more space. This is not * a waste of time even if we fail to get enough space, because our * subsequent call to free would otherwise have to do the merge. */ @@ -471,6 +474,9 @@ void free(void *p) final_size = new_size = CHUNK_SIZE(self); next = NEXT_CHUNK(self); + /* Crash on corrupted footer (likely from buffer overflow) */ + if (next->psize != self->csize) a_crash(); + for (;;) { /* Replace middle of large chunks with fresh zero pages */ if (reclaim && (self->psize & next->csize & C_INUSE)) { |