This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH v2 1/7] malloc: Add check for top size corruption.

From: Florian Weimer <fweimer at redhat dot com>
To: Istvan Kurucsai <pistukem at gmail dot com>, libc-alpha at sourceware dot org
Date: Thu, 11 Jan 2018 13:05:49 +0100
Subject: Re: [PATCH v2 1/7] malloc: Add check for top size corruption.
Authentication-results: sourceware.org; auth=none
References: <1510068430-27816-1-git-send-email-pistukem@gmail.com> <1510068430-27816-2-git-send-email-pistukem@gmail.com>

On 11/07/2017 04:27 PM, Istvan Kurucsai wrote:

Ensure that the size of top is below av->system_mem.

     * malloc/malloc.c (_int_malloc): Check top size.
---
  malloc/malloc.c | 4 ++++
  1 file changed, 4 insertions(+)

diff --git a/malloc/malloc.c b/malloc/malloc.c
index f94d51c..4a30c42 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4078,6 +4078,10 @@ _int_malloc (mstate av, size_t bytes)

if ((unsigned long) (size) >= (unsigned long) (nb + MINSIZE))

          {
+          if (__glibc_unlikely ((unsigned long) (size) >
+                                (unsigned long) (av->system_mem)))
+            malloc_printerr("malloc(): corrupted top chunk");
+


Andreas already pointed out style issues.

I'm somewhat surprised that we have accurate accounting in av->system_mem.

Furthermore, for non-main arenas, I think the check should be againstthe size of a single heap, or maybe the minimum of av->system_mem andthat size.


Thanks,
Florian

Follow-Ups:
- Re: [PATCH v2 1/7] malloc: Add check for top size corruption.
  - From: Istvan Kurucsai

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]