From 583abbb79be32fa0a4c88b5f1e4ff18e6a24f39a Mon Sep 17 00:00:00 2001
From: jasone <jasone@FreeBSD.org>
Date: Thu, 19 Jan 2006 19:08:11 +0000
Subject: Add assertions that detect some forms of region separator corruption.

---
 lib/libc/stdlib/malloc.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'lib/libc/stdlib/malloc.c')

diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c
index 3249730..30edb2c 100644
--- a/lib/libc/stdlib/malloc.c
+++ b/lib/libc/stdlib/malloc.c
@@ -1144,6 +1144,11 @@ static __inline size_t
 region_next_size_get(region_sep_t *sep)
 {
 
+	/* The region cannot extend past the end of the containing chunk. */
+	assert(CHUNK_ADDR2OFFSET(&sep[1])
+	    + (size_t) (((sep->bits) & NEXT_SIZE_MASK) << opt_quantum_2pow)
+	    <= chunk_size);
+
 	return ((size_t) (((sep->bits) & NEXT_SIZE_MASK) << opt_quantum_2pow));
 }
 
@@ -1153,6 +1158,8 @@ region_next_size_set(region_sep_t *sep, size_t size)
 	uint32_t bits;
 
 	assert(size % quantum == 0);
+	/* The region cannot extend past the end of the containing chunk. */
+	assert(CHUNK_ADDR2OFFSET(&sep[1]) + size <= chunk_size);
 
 	bits = sep->bits;
 	bits &= ~NEXT_SIZE_MASK;
-- 
cgit v1.1