From bf58906631af8fe0d57625988b1d003cc09ef01d Mon Sep 17 00:00:00 2001
From: Ulrich Drepper
Date: Thu, 13 Oct 2005 04:48:35 +0000
Subject: * malloc/malloc.c (_int_free): Fail if block size is obviously wrong.
---
 malloc/malloc.c | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'malloc/malloc.c')
diff --git a/malloc/malloc.c b/malloc/malloc.c
index a8bc76739f..4ea35254bb 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4278,6 +4278,12 @@ _int_free(mstate av, Void_t* mem)
 malloc_printerr (check_action, errstr, mem);
 return;
 }
+ /* We know that each chunk is at least MINSIZE bytes in size. */
+ if (__builtin_expect (size < MINSIZE, 0))
+ {
+ errstr = "free(): invalid size";
+ goto errout;
+ }
 check_inuse_chunk(av, p);
-- cgit v1.2.3
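Review bot: The added test in `_int_free` rejects only a size below MINSIZE, so a corrupted size field that is large enough but not a multiple of the allocator's alignment still passes on to `check_inuse_chunk` and the binning code after it. The condition could reject that case in the same place, `if (__builtin_expect (size < MINSIZE || !aligned_OK (size), 0))`, with the comment extended to `/* We know that each chunk is at least MINSIZE bytes in size and a multiple of MALLOC_ALIGNMENT.  */`. This presumes `size` is the chunk size with the flag bits already masked off; the assignment to `size` and the `errout` label both lie outside the hunk, so confirm against the full function. The check is a cheap sanity test on heap metadata, not full validation, and the comment would be clearer if it said so.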