diff options
| author |   otto <otto@openbsd.org> | 2017-09-11 18:32:31 +0000 |
|---|---|---|
| committer | otto <otto@openbsd.org> | 2017-09-11 18:32:31 +0000 |
| commit | 5f2d17fff6f584aa2d4bfcd6810bd15a7e0345e8 (patch) | |
| tree | bc328b88e9d0a61cb821d0c3408d52f6cd4937a8 /lib/libc/stdlib/malloc.c | |
| parent | Use signed ssize_t to make read(2) error check actually work. (diff) | |
| download | wireguard-openbsd-5f2d17fff6f584aa2d4bfcd6810bd15a7e0345e8.tar.xz wireguard-openbsd-5f2d17fff6f584aa2d4bfcd6810bd15a7e0345e8.zip | |
check double free before canary for chunks; ok millert@
Diffstat (limited to 'lib/libc/stdlib/malloc.c')
| -rw-r--r-- | lib/libc/stdlib/malloc.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c index c7ef59b6800..1914f906458 100644 --- a/lib/libc/stdlib/malloc.c +++ b/lib/libc/stdlib/malloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: malloc.c,v 1.229 2017/08/20 11:06:16 otto Exp $ */ +/* $OpenBSD: malloc.c,v 1.230 2017/09/11 18:32:31 otto Exp $ */ /* * Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek <otto@drijf.net> * Copyright (c) 2012 Matthew Dempsky <matthew@openbsd.org> @@ -1065,16 +1065,16 @@ find_chunknum(struct dir_info *d, struct region_info *r, void *ptr, int check) /* Find the chunk number on the page */ chunknum = ((uintptr_t)ptr & MALLOC_PAGEMASK) >> info->shift; - if (check && info->size > 0) { - validate_canary(d, ptr, info->bits[info->offset + chunknum], - info->size); - } if ((uintptr_t)ptr & ((1U << (info->shift)) - 1)) wrterror(d, "modified chunk-pointer %p", ptr); if (info->bits[chunknum / MALLOC_BITS] & (1U << (chunknum % MALLOC_BITS))) wrterror(d, "chunk is already free %p", ptr); + if (check && info->size > 0) { + validate_canary(d, ptr, info->bits[info->offset + chunknum], + info->size); + } return chunknum; } |