Date:      Fri, 02 Nov 2001 12:35:05 +0100
From:      Poul-Henning Kamp <phk@freebsd.org>
To:        current@freebsd.org
Message-ID:  <22869.1004700905@critter.freebsd.dk>

This commit adds yet another check to phkmalloc's attempts to shoot down
wrong use of the malloc(3) API.

Now programs like this will core dump with a fault address roughly
half of a pagesize (0x800 for i386):

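	#include <stdio.h>
	#include <stdlib.h>

	/* Any struct with an int member will do for the demonstration. */
	struct blaf {
		int nbr;
	};

	int
	main(void)
	{
		struct blaf *bp;

		bp = calloc(4, sizeof *bp);
		bp = realloc(bp, 0);		/* zero-size request */
		printf("%p\n", (void *)bp);
		printf("%d\n", bp->nbr);	/* deliberate misuse: faults here */
		exit (0);
	}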

Poul-Henning


>To:      cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
>Message-Id: <200111021132.fA2BWSs53697@freefall.freebsd.org>
>Date:    Fri, 02 Nov 2001 03:32:28 PST
>
>phk         2001/11/02 03:32:28 PST
>
>  Modified files:
>    lib/libc/stdlib      malloc.c 
>  Log:
>  phkmalloc->evilchecks++;
>  
>  If zero bytes are allocated, return pointer to the middle of page-zero
>  (which is protected) so that the program will crash if it dereferences
>  this ill-gotten pointer.
>  
>  Inspired & Urged by:	Theo de Raadt <deraadt@cvs.openbsd.org>
>  
>  Revision  Changes    Path
>  1.60      +14 -4     src/lib/libc/stdlib/malloc.c

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
