X-Git-Url: http://nsz.repo.hu/git/?p=musl;a=blobdiff_plain;f=src%2Fmalloc%2Fmalloc.c;h=4044eb2af921ffee684e70c2cb849a06af72e454;hp=1a6d1493291c7ed2d816687d92d100b78c972137;hb=8389520ed5ad6f0033d6426e21ef653fa5ca26a4;hpb=b8ccf8e46bab6ee9d63a6e392c3b33b9aa89255c

diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c
index 1a6d1493..4044eb2a 100644
--- a/src/malloc/malloc.c
+++ b/src/malloc/malloc.c
@@ -418,6 +418,9 @@ void *realloc(void *p, size_t n)
 
 	next = NEXT_CHUNK(self);
 
+	/* Crash on corrupted footer (likely from buffer overflow) */
+	if (next->psize != self->csize) a_crash();
+
 	/* Merge adjacent chunks if we need more space. This is not
 	 * a waste of time even if we fail to get enough space, because our
 	 * subsequent call to free would otherwise have to do the merge. */
@@ -471,6 +474,9 @@ void free(void *p)
 	final_size = new_size = CHUNK_SIZE(self);
 	next = NEXT_CHUNK(self);
 
+	/* Crash on corrupted footer (likely from buffer overflow) */
+	if (next->psize != self->csize) a_crash();
+
 	for (;;) {
 		/* Replace middle of large chunks with fresh zero pages */
 		if (reclaim && (self->psize & next->csize & C_INUSE)) {