Only access offset if canaries are enabled *and* size > 0, otherwise offset

is not initialized. Problem spotted by Carlin Bingham; ok phessler@ tedu@
author: otto <otto@openbsd.org> 2017-07-07 19:14:46 +0000
committer: otto <otto@openbsd.org> 2017-07-07 19:14:46 +0000
commit: b73b8be164d17d37d91f485eea3dd27513733ab7 (patch)
tree: a06e87a31e7b8f00b98c5555e9cb459bf9ced9be /lib/libc
parent: add parentheses to the output where required for disambiguation (diff)
download: wireguard-openbsd-b73b8be164d17d37d91f485eea3dd27513733ab7.tar.xz
wireguard-openbsd-b73b8be164d17d37d91f485eea3dd27513733ab7.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c
index eaa97f88bbd..dc2c7b1500f 100644
--- a/lib/libc/stdlib/malloc.c
+++ b/lib/libc/stdlib/malloc.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: malloc.c,v 1.226 2017/06/19 03:06:26 dlg Exp $	*/
+/*	$OpenBSD: malloc.c,v 1.227 2017/07/07 19:14:46 otto Exp $	*/
 /*
  * Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek <otto@drijf.net>
  * Copyright (c) 2012 Matthew Dempsky <matthew@openbsd.org>
@@ -1013,7 +1013,7 @@ malloc_bytes(struct dir_info *d, size_t size, void *f)
 	/* Adjust to the real offset of that chunk */
 	k += (lp - bp->bits) * MALLOC_BITS;
 
-	if (mopts.chunk_canaries)
+	if (mopts.chunk_canaries && size > 0)
 		bp->bits[bp->offset + k] = size;
 
 	k <<= bp->shift;
author	otto <otto@openbsd.org>	2017-07-07 19:14:46 +0000
committer	otto <otto@openbsd.org>	2017-07-07 19:14:46 +0000
commit	b73b8be164d17d37d91f485eea3dd27513733ab7 (patch)
tree	a06e87a31e7b8f00b98c5555e9cb459bf9ced9be /lib/libc
parent	add parentheses to the output where required for disambiguation (diff)
download	wireguard-openbsd-b73b8be164d17d37d91f485eea3dd27513733ab7.tar.xz wireguard-openbsd-b73b8be164d17d37d91f485eea3dd27513733ab7.zip