
For small allocations (chunk) freezero only validates the given

size if canaries are enabled. In that case we have the exact requested
size of the allocation.  But we can at least check the given size
against the chunk size if C is not enabled. Plus add some braces
so my brain doesn't have to scan for dangling else problems when I
see this code.
OPENBSD_6_2
otto 7 years ago
parent
commit
6a32bb1c73
1 changed files with 10 additions and 5 deletions
  1. +10
    -5
      src/lib/libc/stdlib/malloc.c

+ 10
- 5
src/lib/libc/stdlib/malloc.c

@ -1,4 +1,4 @@
/* $OpenBSD: malloc.c,v 1.223 2017/04/18 15:46:44 otto Exp $ */
/* $OpenBSD: malloc.c,v 1.224 2017/04/22 09:12:49 otto Exp $ */
/* /*
* Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek <otto@drijf.net> * Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek <otto@drijf.net>
* Copyright (c) 2012 Matthew Dempsky <matthew@openbsd.org> * Copyright (c) 2012 Matthew Dempsky <matthew@openbsd.org>
@ -1334,7 +1334,7 @@ ofree(struct dir_info *argpool, void *p, int clear, int check, size_t argsz)
REALSIZE(sz, r); REALSIZE(sz, r);
if (check) { if (check) {
if (sz <= MALLOC_MAXCHUNK) { if (sz <= MALLOC_MAXCHUNK) {
if (mopts.chunk_canaries) {
if (mopts.chunk_canaries && sz > 0) {
struct chunk_info *info = struct chunk_info *info =
(struct chunk_info *)r->size; (struct chunk_info *)r->size;
uint32_t chunknum = uint32_t chunknum =
@ -1342,14 +1342,19 @@ ofree(struct dir_info *argpool, void *p, int clear, int check, size_t argsz)
if (info->bits[info->offset + chunknum] < if (info->bits[info->offset + chunknum] <
argsz) argsz)
wrterror(pool, "recorded old size %hu"
wrterror(pool, "recorded size %hu"
" < %zu", " < %zu",
info->bits[info->offset + chunknum], info->bits[info->offset + chunknum],
argsz); argsz);
} else {
if (sz < argsz)
wrterror(pool, "chunk size %zu < %zu",
sz, argsz);
} }
} else if (sz - mopts.malloc_guard < argsz)
wrterror(pool, "recorded old size %zu < %zu",
} else if (sz - mopts.malloc_guard < argsz) {
wrterror(pool, "recorded size %zu < %zu",
sz - mopts.malloc_guard, argsz); sz - mopts.malloc_guard, argsz);
}
} }
if (sz > MALLOC_MAXCHUNK) { if (sz > MALLOC_MAXCHUNK) {
if (!MALLOC_MOVE_COND(sz)) { if (!MALLOC_MOVE_COND(sz)) {
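Review bot: The added `&& sz > 0` on the canary branch and the new `else` fallback carry no comment, and the fallback is a coarser check than the canary path: `sz` there is the chunk size, so an `argsz` larger than what the caller originally requested but still within the chunk passes when canaries are off. I would add a comment above `if (sz < argsz)` such as `/* no canaries: only the chunk size is known, so this is an upper bound on argsz, not the requested size */`, and a short one on the `sz > 0` test saying why zero-size chunks skip the recorded-size lookup, since neither the code nor the commit message states the reason. The inner `else { if (sz < argsz) ... }` could also be folded to `} else if (sz < argsz) {` with a braced body, matching the brace cleanup the commit applies to the `malloc_guard` branch. ofree begins and continues outside these hunks, so how `argsz` is used after the check cannot be confirmed from here.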

