-rw-r--r-- | src/lib/libc/stdlib/malloc.c | 15 |
1 files changed, 10 insertions, 5 deletions
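--- a/src/lib/libc/stdlib/malloc.c
+++ b/src/lib/libc/stdlib/malloc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: malloc.c,v 1.223 2017/04/18 15:46:44 otto Exp $ */
+/* $OpenBSD: malloc.c,v 1.224 2017/04/22 09:12:49 otto Exp $ */
 /*
 * Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek <otto@drijf.net>
 * Copyright (c) 2012 Matthew Dempsky <matthew@openbsd.org>
@@ -1334,7 +1334,7 @@ ofree(struct dir_info *argpool, void *p, int clear, int check, size_t argsz)
 REALSIZE(sz, r);
 if (check) {
 if (sz <= MALLOC_MAXCHUNK) {
-if (mopts.chunk_canaries) {
+if (mopts.chunk_canaries && sz > 0) {
 struct chunk_info *info =
 (struct chunk_info *)r->size;
 uint32_t chunknum =
@@ -1342,14 +1342,19 @@ ofree(struct dir_info *argpool, void *p, int clear, int check, size_t argsz)
 
 if (info->bits[info->offset + chunknum] <
 argsz)
-wrterror(pool, "recorded old size %hu"
+wrterror(pool, "recorded size %hu"
 " < %zu",
 info->bits[info->offset + chunknum],
 argsz);
+} else {
+if (sz < argsz)
+wrterror(pool, "chunk size %zu < %zu",
+sz, argsz);
 }
-} else if (sz - mopts.malloc_guard < argsz)
-wrterror(pool, "recorded old size %zu < %zu",
+} else if (sz - mopts.malloc_guard < argsz) {
+wrterror(pool, "recorded size %zu < %zu",
 sz - mopts.malloc_guard, argsz);
+}
 }
 if (sz > MALLOC_MAXCHUNK) {
 if (!MALLOC_MOVE_COND(sz)) {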
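Review bot: The new `sz > 0` condition on the canary branch and the added `else` fallback have no comment, so it is not visible that the fallback is the coarser of the two checks: it compares `argsz` only with the chunk size obtained from `REALSIZE`, not with the per-allocation size kept in `info->bits`. With canaries disabled, an `argsz` that is larger than the size originally requested but still within the chunk size therefore passes this check. Presumably zero-sized chunks are excluded because they have no recorded size to look up; if that is the reason, state it above the `else`, for example `/* no recorded size (canaries off or zero-sized chunk): can only check against the chunk size */`. The nested `else { if (sz < argsz) ... }` could also be flattened to `else if (sz < argsz)` to match the `else if` that follows it. ofree's body begins and ends outside these hunks.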