From 8f1558cbeb8a510aeafeccc3ba87f0025bb469bf Mon Sep 17 00:00:00 2001 From: schulz Date: Tue, 18 Jun 2013 11:31:53 +0000 Subject: [PATCH] protect stdAlloc and stdDealloc even more against misused MEMF_MANAGED flag in memory header. Now the check includes testing ln_Type for NT_MEMORY and mhe_Magic fields. git-svn-id: https://svn.aros.org/svn/aros/trunk/AROS@47573 fb15a70f-31f2-0310-bbcc-cdcc74a49acc --- rom/exec/memory.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/rom/exec/memory.c b/rom/exec/memory.c index 1de4c5cdbe..18c581c4b4 100644 --- a/rom/exec/memory.c +++ b/rom/exec/memory.c @@ -487,7 +487,9 @@ APTR stdAlloc(struct MemHeader *mh, struct MemHeaderAllocatorCtx *mhac, IPTR siz * The check has to be done for the second time. Exec uses stdAlloc on memheader * passed upon startup. This is bad, very bad. So here a temporary hack :) */ - if (mh->mh_Attributes & MEMF_MANAGED) + if ((mh->mh_Node.ln_Type == NT_MEMORY) && + (mh->mh_Attributes & MEMF_MANAGED) && + (((struct MemHeaderExt *)mh)->mhe_Magic == MEMHEADER_EXT_MAGIC)) { struct MemHeaderExt *mhe = (struct MemHeaderExt *)mh; @@ -624,7 +626,9 @@ void stdDealloc(struct MemHeader *freeList, struct MemHeaderAllocatorCtx *mhac, struct MemChunk *p1, *p2, *p3; UBYTE *p4; - if (freeList->mh_Attributes & MEMF_MANAGED) + if ((freeList->mh_Node.ln_Type == NT_MEMORY) && + (freeList->mh_Attributes & MEMF_MANAGED) && + (((struct MemHeaderExt *)freeList)->mhe_Magic == MEMHEADER_EXT_MAGIC)) { struct MemHeaderExt *mhe = (struct MemHeaderExt *)freeList; -- 2.11.4.GIT