From owner-freebsd-current Fri Nov 2 3:35:54 2001 Delivered-To: freebsd-current@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by hub.freebsd.org (Postfix) with ESMTP id 3D94A37B405 for ; Fri, 2 Nov 2001 03:35:47 -0800 (PST) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.11.6/8.11.6) with ESMTP id fA2BZ5922871 for ; Fri, 2 Nov 2001 12:35:05 +0100 (CET) (envelope-from phk@critter.freebsd.dk) To: current@freebsd.org Subject: From: Poul-Henning Kamp Date: Fri, 02 Nov 2001 12:35:05 +0100 Message-ID: <22869.1004700905@critter.freebsd.dk> Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This commits adds yet a check to phkmallocs attempts to shoot down wrong use of the malloc(3) API. Now programs like this will core dump with a fault address roughly half of a pagesize (0x800 for i386): int main(void) { struct blaf *bp; bp = calloc(4, sizeof *bp); bp = realloc(bp, 0); printf("%8x\n", bp); printf("%d\n", bp->nbr); exit (0); } Poul-Henning >To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org >Message-Id: <200111021132.fA2BWSs53697@freefall.freebsd.org> >Date: Fri, 02 Nov 2001 03:32:28 PST > >phk 2001/11/02 03:32:28 PST > > Modified files: > lib/libc/stdlib malloc.c > Log: > phkmalloc->evilchecks++; > > If zero bytes are allocated, return pointer to the middle of page-zero > (which is protected) so that the program will crash if it dereferences > this illgotten pointer. > > Inspired & Urged by: Theo de Raadt > > Revision Changes Path > 1.60 +14 -4 src/lib/libc/stdlib/malloc.c -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message