From c5909da5cf2bdbb576f8daef5ce945987e9e882d Mon Sep 17 00:00:00 2001
From: otto <>
Date: Wed, 29 Feb 2012 08:44:14 +0000
Subject: [PATCH] - Test for the retrieved page address not being NULL. This turns free((void*)1) into an bogus pointer error instead of a segfault. - Document that we use the assumption that a non-MAP_FIXED mmap() with hint 0 never returns NULL.
---
 src/lib/libc/stdlib/malloc.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/lib/libc/stdlib/malloc.c b/src/lib/libc/stdlib/malloc.c
index 5fc75c2c..6aba00e4 100644
--- a/src/lib/libc/stdlib/malloc.c
+++ b/src/lib/libc/stdlib/malloc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: malloc.c,v 1.140 2011/10/06 14:37:04 otto Exp $ */
+/* $OpenBSD: malloc.c,v 1.141 2012/02/29 08:44:14 otto Exp $ */
 /*
  * Copyright (c) 2008 Otto Moerbeek
  *
@@ -724,6 +724,11 @@ alloc_chunk_info(struct dir_info *d, int bits)
 return p;
 }
 
+
+/* * The hashtable uses the assumption that p is never NULL. This holds since
+ * non-MAP_FIXED mappings with hint 0 start at BRKSIZ.
+ */
 static int
 insert(struct dir_info *d, void *p, size_t sz, void *f)
 {
@@ -774,7 +779,7 @@ find(struct dir_info *d, void *p)
 q = MASK_POINTER(r);
 STATS_INC(d->find_collisions);
 }
- return q == p ? &d->r[index] : NULL;
+ return (q == p && r != NULL) ? &d->r[index] : NULL;
 }
 
 static void
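Review bot: The comment added above insert() records the invariant but not why it matters or what enforces it, so a reader of insert() alone cannot tell what breaks if a NULL key ever gets in; I would extend it with a sentence such as `* A NULL r[].p is the empty-slot marker, so a NULL key would alias an empty slot; callers must never insert p == NULL and find() rejects it.` The claim that non-MAP_FIXED mappings with hint 0 start at BRKSIZ is a property of the kernel's placement policy that the library cannot check at runtime, which seems worth saying explicitly so a future port does not inherit it silently. The hunk also inserts an extra empty line before the comment, leaving two blank lines between alloc_chunk_info() and insert() where the file otherwise uses one.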
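Review bot: The new `r != NULL` test on the return is correct but its purpose is invisible at the point of use: r is the raw slot value and NULL there appears to be the empty-slot marker, so a lookup with p == NULL would otherwise match the empty slot that ends the probe (the probe loop whose tail is visible here, and find() itself, begin outside the hunk). A short comment would stop the next maintainer from folding the condition back into `q == p`: `/* r == NULL is an empty slot; a NULL p must not match it (see insert()) */`. If the surrounding code allows it, rejecting the key before hashing, `if (p == NULL) return NULL;` at the top of find(), would state the intent directly and skip the probe for this case.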