Date: Fri, 02 Nov 2001 12:35:05 +0100 From: Poul-Henning Kamp <phk@freebsd.org> To: current@freebsd.org Message-ID: <22869.1004700905@critter.freebsd.dk>
next in thread | raw e-mail | index | archive | help
This commits adds yet a check to phkmallocs attempts to shoot down wrong use of the malloc(3) API. Now programs like this will core dump with a fault address roughly half of a pagesize (0x800 for i386): int main(void) { struct blaf *bp; bp = calloc(4, sizeof *bp); bp = realloc(bp, 0); printf("%8x\n", bp); printf("%d\n", bp->nbr); exit (0); } Poul-Henning >To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org >Message-Id: <200111021132.fA2BWSs53697@freefall.freebsd.org> >Date: Fri, 02 Nov 2001 03:32:28 PST > >phk 2001/11/02 03:32:28 PST > > Modified files: > lib/libc/stdlib malloc.c > Log: > phkmalloc->evilchecks++; > > If zero bytes are allocated, return pointer to the middle of page-zero > (which is protected) so that the program will crash if it dereferences > this illgotten pointer. > > Inspired & Urged by: Theo de Raadt <deraadt@cvs.openbsd.org> > > Revision Changes Path > 1.60 +14 -4 src/lib/libc/stdlib/malloc.c -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?22869.1004700905>