simplify and improve double-free check

a valid mmapped block will have an even (actually aligned) "extra"
field, whereas a freed chunk on the heap will always have an in-use
neighbor.

this fixes a potential bug if mmap ever allocated memory below the
main program/brk (in which case it would be wrongly-detected as a
double-free by the old code) and allows the double-free check to work
for donated memory outside of the brk area (or, in the future,
secondary heap zones if support for their creation is added).
Rich Felker 2011-08-15 01:59:15 -04:00
parent 6cb277d75e
commit ce7c6341d3
1 changed file with 2 additions and 2 deletions


@ -394,7 +394,7 @@ void *realloc(void *p, size_t n)
size_t oldlen = n0 + extra;
size_t newlen = n + extra;
/* Crash on realloc of freed chunk */
if ((uintptr_t)base < mal.brk) *(volatile char *)0=0;
if (extra & 1) *(volatile char *)0=0;
if (newlen < PAGE_SIZE && (new = malloc(n))) {
memcpy(new, p, n-OVERHEAD);
free(p);
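Review bot: the new test `if (extra & 1)` is correct only under the invariant the commit message states (a freed heap chunk always borders an in-use chunk, so its low psize bit is set, while a genuine mmapped chunk has a page-aligned, even `extra`), but the code comment `/* Crash on realloc of freed chunk */` gives a reader no hint of that. Suggest extending the comment in place, e.g. `/* Crash on realloc of freed chunk: a real mmapped chunk has even extra; a freed heap chunk has an in-use neighbor, so bit 0 is set */`, since anyone later changing how freed chunks coalesce needs to know this check depends on it. Note also that `base` and `oldlen` are already computed from the (possibly freed) chunk's header before the check runs; that is harmless here because nothing is dereferenced or unmapped until after the crash test, but the ordering is worth a line in the comment so it is not "fixed" by someone moving the check later.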
@ -457,7 +457,7 @@ void free(void *p)
char *base = (char *)self - extra;
size_t len = CHUNK_SIZE(self) + extra;
/* Crash on double free */
if ((uintptr_t)base < mal.brk) *(volatile char *)0=0;
if (extra & 1) *(volatile char *)0=0;
__munmap(base, len);
return;
}
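Review bot: this is the identical check that realloc now performs, so the two sites can drift apart the next time the mmapped-chunk layout changes; suggest a single shared macro or static inline (e.g. a `CRASH_IF_FREED(extra)` style helper) used by both `free()` and `realloc()`, so the invariant is documented and enforced in one place. Within this hunk the ordering is right: the check sits after `base` and `len` are derived from the header but before `__munmap(base, len)`, so a double free crashes instead of unmapping a heap range that was never mmapped. The crash idiom itself, `*(volatile char *)0=0`, is a deliberate null write; the `volatile` keeps the store from being optimized away, but it is still undefined behaviour by the language rules, so it may be worth a short comment that this is intended as an abort and relies on the platform trapping page 0.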