fluencelabs/musl
1
0
Fork 0
mirror of https://github.com/fluencelabs/musl synced 2025-07-03 08:32:05 +00:00
Code Issues Projects Releases Wiki Activity

very cheap double-free checks in malloc

Browse Source
This commit is contained in:
Rich Felker
2011-03-23 13:24:00 -04:00
parent aa398f56fa
commit 0958200166
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/malloc/malloc.c
View File

@ -393,6 +393,8 @@ void *realloc(void *p, size_t n)
char *base = (char *)self - extra; char *base = (char *)self - extra;
size_t oldlen = n0 + extra; size_t oldlen = n0 + extra;
size_t newlen = n + extra; size_t newlen = n + extra;
/* Crash on realloc of freed chunk */
if ((uintptr_t)base < mal.brk) *(char *)0=0;
if (newlen < PAGE_SIZE && (new = malloc(n))) { if (newlen < PAGE_SIZE && (new = malloc(n))) {
memcpy(new, p, n-OVERHEAD); memcpy(new, p, n-OVERHEAD);
free(p); free(p);
@ -454,6 +456,8 @@ void free(void *p)
size_t extra = self->data[-1]; size_t extra = self->data[-1];
char *base = (char *)self - extra; char *base = (char *)self - extra;
size_t len = CHUNK_SIZE(self) + extra; size_t len = CHUNK_SIZE(self) + extra;
/* Crash on double free */
if ((uintptr_t)base < mal.brk) *(char *)0=0;
__munmap(base, len); __munmap(base, len);
return; return;
} }