authorRich Felker <dalias@aerifal.cx>2011-03-23 13:24:00 -0400
committerRich Felker <dalias@aerifal.cx>2011-03-23 13:24:00 -0400
commit095820016689dfdc9141f477a86de22054c86078 (patch)
tree23543ebec48463f5481441beb8c549b7456b3c1e /src
parentaa398f56fa398f2202b04e82c67f822f3233786f (diff)
very cheap double-free checks in malloc
Diffstat (limited to 'src')
-rw-r--r--src/malloc/malloc.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c
index 3c08c41e..a4eefda9 100644
--- a/src/malloc/malloc.c
+++ b/src/malloc/malloc.c
@@ -393,6 +393,8 @@ void *realloc(void *p, size_t n)
char *base = (char *)self - extra;
size_t oldlen = n0 + extra;
size_t newlen = n + extra;
+ /* Crash on realloc of freed chunk */
+ if ((uintptr_t)base < mal.brk) *(char *)0=0;
if (newlen < PAGE_SIZE && (new = malloc(n))) {
memcpy(new, p, n-OVERHEAD);
free(p);
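Review bot: The deliberate crash `*(char *)0=0;` added after the `newlen` computation is a plain store through a null pointer, which is undefined behaviour, so an optimizing compiler may drop the store or treat the branch as unreachable and silently disable the check. Writing through a volatile lvalue, `if ((uintptr_t)base < mal.brk) *(volatile char *)0=0;`, keeps the store in the generated code; the identical line added in the free() hunk needs the same change. The store also only faults where page zero is unmapped, so a dedicated trap or abort helper would be more dependable if the tree provides one. realloc's body starts and ends outside the hunk.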
@@ -454,6 +456,8 @@ void free(void *p)
size_t extra = self->data[-1];
char *base = (char *)self - extra;
size_t len = CHUNK_SIZE(self) + extra;
+ /* Crash on double free */
+ if ((uintptr_t)base < mal.brk) *(char *)0=0;
__munmap(base, len);
return;
}
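Review bot: The comment `/* Crash on double free */` does not say why `base < mal.brk` indicates a double free, and the next maintainer cannot tell what the test does and does not cover. From the visible lines, `base` is computed from `self->data[-1]`, a value stored in-band next to the chunk, and this path ends in `__munmap(base, len)`, so the check appears to be a plausibility test that a mapped chunk cannot begin below the heap break. I would expand the comment to something like `/* mapped chunks never start below the brk heap; a base below mal.brk means the header was already released or overwritten */`, which also makes clear that this is a cheap heuristic and not a full validation of `extra` or `len` before the unmap. free's body starts outside the hunk.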