From 364cbab96ffd1db4271cef83317f82738999d996 Mon Sep 17 00:00:00 2001
From: otto <>
Date: Thu, 6 Nov 2008 12:32:45 +0000
Subject: if the freeprot flag (F) is set, do not do delayed frees for chunks
 (might catch errors closer to the trouble spot) and junk fill pages just
 before reuse instead of immediate (we can't access the page anyway) since we
 set PROT_NONE in the F case. ok djm@

---
 src/lib/libc/stdlib/malloc.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

(limited to 'src')

diff --git a/src/lib/libc/stdlib/malloc.c b/src/lib/libc/stdlib/malloc.c
index 0af2e2fdea..37404a199e 100644
--- a/src/lib/libc/stdlib/malloc.c
+++ b/src/lib/libc/stdlib/malloc.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: malloc.c,v 1.105 2008/11/02 08:50:41 otto Exp $	*/
+/*	$OpenBSD: malloc.c,v 1.106 2008/11/06 12:32:45 otto Exp $	*/
 /*
  * Copyright (c) 2008 Otto Moerbeek <otto@drijf.net>
  *
@@ -477,6 +477,8 @@ map(struct dir_info *d, size_t sz, int zero_fill)
 				d->free_regions_size -= psz;
 				if (zero_fill)
 					memset(p, 0, sz);
+				else if (malloc_junk && malloc_freeprot)
+					memset(p, SOME_FREEJUNK, sz);
 				return p;
 			} else if (r->size > psz)
 				big = r;
@@ -1199,7 +1201,7 @@ ofree(void *p)
 			}
 			malloc_guarded -= malloc_guard;
 		}
-		if (malloc_junk)
+		if (malloc_junk && !malloc_freeprot)
 			memset(p, SOME_FREEJUNK, PAGEROUND(sz) - malloc_guard);
 		unmap(&g_pool, p, PAGEROUND(sz));
 		delete(&g_pool, r);
@@ -1209,10 +1211,12 @@ ofree(void *p)
 
 		if (malloc_junk && sz > 0)
 			memset(p, SOME_FREEJUNK, sz);
-		i = getrbyte() & (MALLOC_DELAYED_CHUNKS - 1);
-		tmp = p;
-		p = g_pool.delayed_chunks[i];
-		g_pool.delayed_chunks[i] = tmp;
+		if (!malloc_freeprot) {
+			i = getrbyte() & (MALLOC_DELAYED_CHUNKS - 1);
+			tmp = p;
+			p = g_pool.delayed_chunks[i];
+			g_pool.delayed_chunks[i] = tmp;
+		}
 		if (p != NULL) {
 			r = find(&g_pool, p);
 			if (r == NULL) {
-- 
cgit v1.2.3-55-g6feb