mirror/glibc
2
0
Fork 0
mirror of git://sourceware.org/git/glibc.git synced 2025-04-24 14:41:06 +08:00
Code Issues Packages Projects Releases Wiki Activity
glibc/malloc
History
Ben Kallus d10176c0ff malloc: Add size check when moving fastbin->tcache 
By overwriting a forward link in a fastbin chunk that is subsequently
moved into the tcache, it's possible to get malloc to return an
arbitrary address [0].

When a chunk is fetched from a fastbin, its size is checked against the
expected chunk size for that fastbin (see malloc.c:3991). This patch
adds a similar check for chunks being moved from a fastbin to tcache,
which renders obsolete the exploitation technique described above.

Now updated to use __glibc_unlikely instead of __builtin_expect, as
requested.

[0]: https://github.com/shellphish/how2heap/blob/master/glibc_2.39/fastbin_reverse_into_tcache.c

Signed-off-by: Ben Kallus <benjamin.p.kallus.gr@dartmouth.edu>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
2025-02-13 16:31:28 -03:00
..
alloc_buffer_alloc_array.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
alloc_buffer_allocate.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
alloc_buffer_copy_bytes.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
alloc_buffer_copy_string.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
alloc_buffer_create_failure.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
arena.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
Depend
added rt to malloc/Depend [BZ #27132]
2021-02-23 10:04:45 +01:00
dynarray_at_failure.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
dynarray_emplace_enlarge.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
dynarray_finalize.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
dynarray_resize_clear.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
dynarray_resize.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
dynarray-skeleton.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
dynarray.h
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
hooks.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
Makefile
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
malloc-check.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
malloc-debug.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
malloc-internal.h
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
malloc.c
malloc: Add size check when moving fastbin->tcache
2025-02-13 16:31:28 -03:00
malloc.h
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
mallocbug.c
Reformat malloc to gnu style.
2014-01-02 09:40:10 +01:00
mcheck-impl.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
mcheck-init.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
mcheck.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
mcheck.h
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
memusage.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
memusage.sh
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
memusagestat.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
morecore.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
mtrace-impl.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
mtrace.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
mtrace.pl
Update copyright dates not handled by scripts/update-copyrights
2025-01-01 11:22:09 -08:00
obstack.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
obstack.h
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
reallocarray.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
scratch_buffer_grow_preserve.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
scratch_buffer_grow.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
scratch_buffer_set_array_size.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
set-freeres.c
elf: Merge __dl_libc_freemem into __rtld_libc_freeres
2025-02-02 20:10:09 +01:00
thread-freeres.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-aligned_alloc-lib.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-aligned-alloc-random-thread-cross.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-aligned-alloc-random-thread.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-aligned-alloc-random.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-aligned-alloc-static.c
aligned_alloc: conform to C17
2023-05-08 16:40:10 -04:00
tst-aligned-alloc.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-alloc_buffer.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-calloc.c
malloc: cleanup casts in tst-calloc
2025-01-25 05:34:05 +00:00
tst-compathooks-off.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-compathooks-on.c
Move malloc hooks into a compat DSO
2021-07-22 18:37:59 +05:30
tst-dynarray-at-fail.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-dynarray-fail.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-dynarray-shared.h
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-dynarray.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-free-errno.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-interpose-aux-nothread.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-interpose-aux-thread.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-interpose-aux.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-interpose-aux.h
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-interpose-nothread.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-interpose-skeleton.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-interpose-static-nothread.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-interpose-static-thread.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-interpose-thread.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-mallinfo2.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-malloc_info.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-malloc-alternate-path.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-malloc-aux.h
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-malloc-backtrace.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-malloc-check.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-malloc-fork-deadlock.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-malloc-random.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-malloc-stats-cancellation.c
malloc: Run tst-malloc-stats-cancellation via test-driver.c
2021-04-07 02:35:50 +02:00
tst-malloc-tcache-leak.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-malloc-thread-exit.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-malloc-thread-fail.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-malloc-too-large.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-malloc-usable-tunables.c
Initialize tunable list with the GLIBC_TUNABLES environment variable
2016-12-31 23:49:24 +05:30
tst-malloc-usable.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-malloc.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-mallocalign1.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-mallocfork2.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-mallocfork3.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-mallocfork.c
Fix malloc tests build with GCC 10.
2019-06-10 22:12:08 +00:00
tst-mallocstate.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-mallopt.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-memalign-2.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-memalign-3.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-memalign.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-mtrace.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-mtrace.sh
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-mxfast.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-obstack.c
Avoid -Wuse-after-free in tests [BZ #26779].
2022-01-26 10:38:23 -07:00
tst-posix_memalign.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-pvalloc-fortify.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-pvalloc.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-realloc.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-reallocarray.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-safe-linking.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-scratch_buffer.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-tcfree1.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-tcfree2.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-tcfree3.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
tst-trim1.c
* malloc/tst-trim1.c: New file.
2007-12-16 22:57:57 +00:00
tst-valloc.c
Update copyright dates with scripts/update-copyrights
2025-01-01 11:22:09 -08:00
Versions
Remove unused scratch_buffer_dupfree
2022-10-28 18:43:58 +01:00