Message ID | CAFv60hKaQJq4E_oHtC_axEJeVudzmsToBB-NYjWt_oTZoNTiag@mail.gmail.com |
---|---|
State | New |
Headers | show |
Series | malloc: verify the size of top chuck, stopping House of Force | expand |
diff --git a/malloc/malloc.c b/malloc/malloc.c index f94d51cca1..d93eca6273 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -4076,6 +4076,11 @@ _int_malloc (mstate av, size_t bytes) victim = av->top; size = chunksize (victim); + if (__glibc_unlikely (size > av->system_mem)) + { + malloc_printerr ("malloc(): corrupted top size"); + } + if ((unsigned long) (size) >= (unsigned long) (nb + MINSIZE)) { remainder_size = size - nb;