Add assertions that detect some forms of region separator corruption.

author: jasone <jasone@FreeBSD.org> 2006-01-19 19:08:11 +0000
committer: jasone <jasone@FreeBSD.org> 2006-01-19 19:08:11 +0000
commit: 583abbb79be32fa0a4c88b5f1e4ff18e6a24f39a (patch)
tree: 86b21dbb05d214fcae68d881be3b614a72ac4532 /lib/libc/stdlib
parent: 0d0573f36bbe56976507162aeed34a622fbed6bc (diff)
download: FreeBSD-src-583abbb79be32fa0a4c88b5f1e4ff18e6a24f39a.zip
FreeBSD-src-583abbb79be32fa0a4c88b5f1e4ff18e6a24f39a.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c
index 3249730..30edb2c 100644
--- a/lib/libc/stdlib/malloc.c
+++ b/lib/libc/stdlib/malloc.c
@@ -1144,6 +1144,11 @@ static __inline size_t
 region_next_size_get(region_sep_t *sep)
 {
 
+	/* The region cannot extend past the end of the containing chunk. */
+	assert(CHUNK_ADDR2OFFSET(&sep[1])
+	    + (size_t) (((sep->bits) & NEXT_SIZE_MASK) << opt_quantum_2pow)
+	    <= chunk_size);
+
 	return ((size_t) (((sep->bits) & NEXT_SIZE_MASK) << opt_quantum_2pow));
 }
 
@@ -1153,6 +1158,8 @@ region_next_size_set(region_sep_t *sep, size_t size)
 	uint32_t bits;
 
 	assert(size % quantum == 0);
+	/* The region cannot extend past the end of the containing chunk. */
+	assert(CHUNK_ADDR2OFFSET(&sep[1]) + size <= chunk_size);
 
 	bits = sep->bits;
 	bits &= ~NEXT_SIZE_MASK;
author	jasone <jasone@FreeBSD.org>	2006-01-19 19:08:11 +0000
committer	jasone <jasone@FreeBSD.org>	2006-01-19 19:08:11 +0000
commit	583abbb79be32fa0a4c88b5f1e4ff18e6a24f39a (patch)
tree	86b21dbb05d214fcae68d881be3b614a72ac4532 /lib/libc/stdlib
parent	0d0573f36bbe56976507162aeed34a622fbed6bc (diff)
download	FreeBSD-src-583abbb79be32fa0a4c88b5f1e4ff18e6a24f39a.zip FreeBSD-src-583abbb79be32fa0a4c88b5f1e4ff18e6a24f39a.tar.gz