
very cheap double-free checks in malloc

Rich Felker 14 years ago
parent
commit
0958200166
1 changed files with 4 additions and 0 deletions
  1. 4 0
      src/malloc/malloc.c

+ 4 - 0
src/malloc/malloc.c

@@ -393,6 +393,8 @@ void *realloc(void *p, size_t n)
 		char *base = (char *)self - extra;
 		size_t oldlen = n0 + extra;
 		size_t newlen = n + extra;
+		/* Crash on realloc of freed chunk */
+		if ((uintptr_t)base < mal.brk) *(char *)0=0;
 		if (newlen < PAGE_SIZE && (new = malloc(n))) {
 			memcpy(new, p, n-OVERHEAD);
 			free(p);
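Review bot: The crash statement `*(char *)0=0;` added in realloc (and again in the free hunk) is a plain store through a null pointer, which is undefined behaviour, so an optimizing compiler may drop the store or assume the branch is never taken, and the hardening would silently disappear. Making the access volatile keeps the trap in the generated code: `if ((uintptr_t)base < mal.brk) *(volatile char *)0=0;`. Because the same line is duplicated at both sites, a small static helper or macro for the deliberate crash would keep them in step. The enclosing branch of realloc starts outside this hunk.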
@@ -454,6 +456,8 @@ void free(void *p)
 		size_t extra = self->data[-1];
 		char *base = (char *)self - extra;
 		size_t len = CHUNK_SIZE(self) + extra;
+		/* Crash on double free */
+		if ((uintptr_t)base < mal.brk) *(char *)0=0;
 		__munmap(base, len);
 		return;
 	}
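Review bot: The comment `/* Crash on double free */` does not say why `base < mal.brk` indicates a double free, and the test has no lower bound. Presumably this branch handles mmapped chunks and a chunk already returned to the heap is mistaken for one, so its computed base lands inside the brk area; if that is the reasoning, state it, e.g. `/* A freed heap chunk looks mmapped here; its base then lies below the brk */`. The check also appears to assume that genuine mappings always sit above the brk, so an address-space layout that places a mapping lower would make a valid free() crash; that assumption should be confirmed or documented. The same applies to the realloc hunk, and the enclosing condition in free starts outside this hunk.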