very cheap double-free checks in malloc
authorRich Felker <dalias@aerifal.cx>
Wed, 23 Mar 2011 17:24:00 +0000 (13:24 -0400)
committerRich Felker <dalias@aerifal.cx>
Wed, 23 Mar 2011 17:24:00 +0000 (13:24 -0400)
src/malloc/malloc.c

index 3c08c41..a4eefda 100644 (file)
@@ -393,6 +393,8 @@ void *realloc(void *p, size_t n)
                char *base = (char *)self - extra;
                size_t oldlen = n0 + extra;
                size_t newlen = n + extra;
+               /* Crash on realloc of freed chunk */
+               if ((uintptr_t)base < mal.brk) *(char *)0=0;
                if (newlen < PAGE_SIZE && (new = malloc(n))) {
                        memcpy(new, p, n-OVERHEAD);
                        free(p);
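Review bot: The deliberate crash `*(char *)0=0` on the added line is a store through a null pointer, which is undefined behaviour, so an optimizing compiler may drop the store or fold the branch away and the freed-chunk check ends up silently absent in the built library; the free() hunk below uses the same idiom. A form the optimizer must honour is safer, e.g. `if ((uintptr_t)base < mal.brk) __builtin_trap();` or a store through a `volatile char *`. The condition itself is a heuristic (a chunk whose header says "mmapped" but whose base lies below brk is taken to be a reused freed chunk), which presumably cannot catch a reused header that still points above brk and assumes mmap never returns an address below brk; that assumption deserves a comment next to the check. realloc's body starts and continues outside the hunk.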
@@ -454,6 +456,8 @@ void free(void *p)
                size_t extra = self->data[-1];
                char *base = (char *)self - extra;
                size_t len = CHUNK_SIZE(self) + extra;
+               /* Crash on double free */
+               if ((uintptr_t)base < mal.brk) *(char *)0=0;
                __munmap(base, len);
                return;
        }
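Review bot: The comment `/* Crash on double free */` on the added line overstates the guard: it sits in the branch that ends in `__munmap`, so only a second free of a large mmapped chunk whose header has meanwhile been recycled into the brk heap can trip it, while a double free of an ordinary brk-heap chunk passes through untouched. Suggest `/* Heuristic double-free check for mmapped chunks: a chunk flagged mmapped must lie above brk */` so readers do not expect general double-free detection. free() continues past the end of the hunk.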