import glibc-2.28-101.el8.src.rpm
Signed-off-by: zhangbinchen <zhangbinchen@openanolis.org>
This commit is contained in:
zhangbinchen
commit
ba6a26df65
268 changed files with 59851 additions and 0 deletions
31
glibc-rh1651283-7.patch
Normal file
31
glibc-rh1651283-7.patch
Normal file
|
|
@ -0,0 +1,31 @@
|
|||
commit 5b06f538c5aee0389ed034f60d90a8884d6d54de
|
||||
Author: Adam Maris <amaris@redhat.com>
|
||||
Date: Thu Mar 14 16:51:16 2019 -0400
|
||||
|
||||
malloc: Check for large bin list corruption when inserting unsorted chunk
|
||||
|
||||
Fixes bug 24216. This patch adds security checks for bk and bk_nextsize pointers
|
||||
of chunks in large bin when inserting chunk from unsorted bin. It was possible
|
||||
to write the pointer to victim (newly inserted chunk) to arbitrary memory
|
||||
locations if bk or bk_nextsize pointers of the next large bin chunk
|
||||
got corrupted.
|
||||
|
||||
diff --git a/malloc/malloc.c b/malloc/malloc.c
|
||||
index 4412a4ffc83b013b..723d393f529bdb4c 100644
|
||||
--- a/malloc/malloc.c
|
||||
+++ b/malloc/malloc.c
|
||||
@@ -3876,10 +3876,14 @@ _int_malloc (mstate av, size_t bytes)
|
||||
{
|
||||
victim->fd_nextsize = fwd;
|
||||
victim->bk_nextsize = fwd->bk_nextsize;
|
||||
+ if (__glibc_unlikely (fwd->bk_nextsize->fd_nextsize != fwd))
|
||||
+ malloc_printerr ("malloc(): largebin double linked list corrupted (nextsize)");
|
||||
fwd->bk_nextsize = victim;
|
||||
victim->bk_nextsize->fd_nextsize = victim;
|
||||
}
|
||||
bck = fwd->bk;
|
||||
+ if (bck->fd != fwd)
|
||||
+ malloc_printerr ("malloc(): largebin double linked list corrupted (bk)");
|
||||
}
|
||||
}
|
||||
else
|
||||
Loading…
Add table
Add a link
Reference in a new issue