| commit | 0e00b35704e67c499c3abfbd5b6224a13d38b012 | |
| author | W. Hashimoto <ssmallkirby@gmail.com> | |
| Fri, 11 Dec 2020 21:59:10 +0000 (11 16:59 -0500) | ||
| committer | DJ Delorie <dj@redhat.com> | |
| Fri, 11 Dec 2020 21:59:10 +0000 (11 16:59 -0500) | ||
| tree | f152ace4c444d59c1590e40d2ce814e442f97346 | treesnapshot (tar.gz zip) |
| parent | 751acde7ec335506b54e94ed6f2c998f6c0a22c6 | commitdiff |
malloc: Detect infinite-loop in _int_free when freeing tcache [BZ#27052]
If linked-list of tcache contains a loop, it invokes infinite
loop in _int_free when freeing tcache. The PoC which invokes
such infinite loop is on the Bugzilla(#27052). This loop
should terminate when the loop exceeds mp_.tcache_count and
the program should abort. The affected glibc version is
2.29 or later.
Reviewed-by: DJ Delorie <dj@redhat.com>
If linked-list of tcache contains a loop, it invokes infinite
loop in _int_free when freeing tcache. The PoC which invokes
such infinite loop is on the Bugzilla(#27052). This loop
should terminate when the loop exceeds mp_.tcache_count and
the program should abort. The affected glibc version is
2.29 or later.
Reviewed-by: DJ Delorie <dj@redhat.com>
| malloc/malloc.c | diffblobblamehistory |