author | phk <phk@FreeBSD.org> | 2001-11-02 11:32:28 +0000 |
---|---|---|
committer | phk <phk@FreeBSD.org> | 2001-11-02 11:32:28 +0000 |
commit | 43f68f8842874a57a15e311a43e2dcc92cc1cfb4 (patch) | |
tree | 3bca62f4a508e9043444b16274128b5cb1a7cd6f | |
parent | d88ecc48a577b7e835d80ab8eec6b5c867a10ce6 (diff) | |
phkmalloc->evilchecks++;
If zero bytes are allocated, return pointer to the middle of page-zero
(which is protected) so that the program will crash if it dereferences
this ill-gotten pointer.
Inspired & Urged by: Theo de Raadt <deraadt@cvs.openbsd.org>
-rw-r--r-- | lib/libc/stdlib/malloc.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c
index 7425796..bc6769b 100644
--- a/lib/libc/stdlib/malloc.c
+++ b/lib/libc/stdlib/malloc.c
@@ -89,6 +89,9 @@
 # define malloc_minsize 16U
 #endif /* __FOOCPU__ && __BAROS__ */
+#ifndef ZEROSIZEPTR
+#define ZEROSIZEPTR ((void *)(1 << (malloc_pageshift - 1)))
+#endif
 /*
 * No user serviceable parts behind this point.
@@ -1091,6 +1094,8 @@ malloc(size_t size)
 malloc_init();
 if (malloc_sysv && !size)
 r = 0;
+ else if (!size)
+ r = ZEROSIZEPTR;
 else
 r = imalloc(size);
 UTRACE(0, size, r);
@@ -1110,10 +1115,10 @@ free(void *ptr)
 wrtwarning("recursive call\n");
 malloc_active--;
 return;
- } else {
- ifree(ptr);
- UTRACE(ptr, 0, 0);
 }
+ if (ptr != ZEROSIZEPTR)
+ ifree(ptr);
+ UTRACE(ptr, 0, 0);
 malloc_active--;
 THREAD_UNLOCK();
 return;
@@ -1137,9 +1142,14 @@ realloc(void *ptr, size_t size)
 }
 if (!malloc_started)
 malloc_init();
+ if (ptr == ZEROSIZEPTR)
+ ptr = NULL;
 if (malloc_sysv && !size) {
 ifree(ptr);
 r = 0;
+ } else if (!size) {
+ ifree(ptr);
+ r = ZEROSIZEPTR;
 } else if (!ptr) {
 r = imalloc(size);
 } else { |
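Review bot: ZEROSIZEPTR in the first hunk is defined without a comment, and its safety rests on two assumptions the macro does not state: that the page containing address `1 << (malloc_pageshift - 1)` is never mapped in the process, and that every zero-size malloc() and realloc() returns this same value. If the low page can be mapped, or a caller treats returned pointers as distinct keys, the sentinel no longer behaves as the commit message describes, so a comment above the `#ifndef` should record both assumptions and note that free() and realloc() must keep filtering the value before it reaches ifree(). The shift is also evaluated in `int` before the cast to `void *`; `((void *)(1UL << (malloc_pageshift - 1)))` would avoid an integer-to-pointer cast of a different width on 64-bit targets. The definition of malloc_pageshift lies outside the hunk, so its type and whether it is a compile-time constant are not confirmed here.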