From patchwork Mon Feb 26 20:14:39 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Francois Goichon <fgoichon@google.com>
X-Patchwork-Id: 26075
Received: (qmail 23501 invoked by alias); 26 Feb 2018 20:14:45 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-##L=##H@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
Received: (qmail 23486 invoked by uid 89); 26 Feb 2018 20:14:44 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-26.9 required=5.0 tests=BAYES_00, GIT_PATCH_0,
	GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_NONE,
	SPF_PASS,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 spammy=H*M:google
X-HELO: mail-wm0-f68.google.com
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:subject:to:cc:references:from:message-id:date
	:user-agent:mime-version:in-reply-to:content-language
	:content-transfer-encoding;
	bh=Qa9RJMcWCyZqzpFgkd6+k6QBNvCmkn4+7VQFhI8LRTk=;
	b=XnJpX3rL/yKAxkgS775DnOCKtOrgepC5i1C2fpHs5vFIeCm5X8laj50b5hpKLOaXGq
	n40E7VTQe3RPjaNS9hirvMjS5YmrRrfluus5vWuHgBOSqHCkEoUSzrKrOUfBnFcf5rDy
	rEid89iueq4OE8ybCy7m4NhwPF5I2ActALGxu3aQu2j/fx0bfY+HegNO8bHnKK4r/QcE
	hlsqzxehut4qee0dRlBijhN4cPNAq2fLhytHcsQMSXKvQmc3qzOZQI3qsW76EbehV34g
	9sTx+SFaabtXTjA8eYzYSl7fjK3NRm8DeffmGYePRiU4kwkp9x8b91QX4kygEcAmvtrF
	rEig==
X-Gm-Message-State: APf1xPC/0MDFE7HHdViWUSCoITMr1AMvbUPRymckfEQOiIxxVlY9bfCl
	VotnBR5FOGryMazHtTlCmuiA//q6DFc=
X-Google-Smtp-Source: 
 AH8x226s1Zu+yWxpKWAkYo7UswMlJH26J5Zr5TZtm5mj+ZcSZ1VfPfwdjLwLy3o9trgWkgzu/x5dlA==
X-Received: by 10.80.177.28 with SMTP id k28mr15732483edd.154.1519676080839;
	Mon, 26 Feb 2018 12:14:40 -0800 (PST)
Subject: Re: [PATCH] malloc: harden removal from unsorted list
To: DJ Delorie <dj@redhat.com>
Cc: libc-alpha@sourceware.org
References: <xnlgfftx73.fsf@greed.delorie.com>
From: Francois Goichon <fgoichon@google.com>
Message-ID: <8b1e34ca-7f35-c04e-0143-47608bdcf654@google.com>
Date: Mon, 26 Feb 2018 21:14:39 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
	Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <xnlgfftx73.fsf@greed.delorie.com>

* malloc/malloc.c (_int_malloc): Added check before removing from
	unsorted list.
---
  malloc/malloc.c | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/malloc/malloc.c b/malloc/malloc.c
index 58f9acd4d1..fd1a263e9e 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3775,6 +3775,8 @@ _int_malloc (mstate av, size_t bytes)
              }

            /* remove from unsorted list */
+          if (__glibc_unlikely (bck->fd != victim))
+            malloc_printerr ("malloc(): corrupted unsorted chunks 3");
            unsorted_chunks (av)->bk = bck;
            bck->fd = unsorted_chunks (av);