| -rw-r--r-- | src/malloc/malloc.c | 4 | 
1 files changed, 4 insertions, 0 deletions
|
diff --git a/src/malloc/malloc.c b/src/malloc/malloc.c
index 3c08c41e..a4eefda9 100644
--- a/src/malloc/malloc.c
+++ b/src/malloc/malloc.c
@@ -393,6 +393,8 @@ void *realloc(void *p, size_t n)
 		char *base = (char *)self - extra;
 		size_t oldlen = n0 + extra;
 		size_t newlen = n + extra;
+		/* Crash on realloc of freed chunk */
+		if ((uintptr_t)base < mal.brk) *(char *)0=0;
 		if (newlen < PAGE_SIZE && (new = malloc(n))) {
 			memcpy(new, p, n-OVERHEAD);
 			free(p);
@@ -454,6 +456,8 @@ void free(void *p)
 		size_t extra = self->data[-1];
 		char *base = (char *)self - extra;
 		size_t len = CHUNK_SIZE(self) + extra;
+		/* Crash on double free */
+		if ((uintptr_t)base < mal.brk) *(char *)0=0;
 		__munmap(base, len);
 		return;
 	}
|
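Review bot: The deliberate crash in both added checks, `*(char *)0=0;` in the mmapped-chunk branches of realloc and free, is a plain null-pointer store, which is undefined behaviour in C, so an optimizing compiler is not obliged to emit the faulting write. Making the access volatile, `if ((uintptr_t)base < mal.brk) *(volatile char *)0=0;`, or routing both sites through one crash helper, keeps the trap in the generated code. The test also fires only when the computed base lies below `mal.brk`, so a second free of a genuinely mmapped chunk would still reach `__munmap`, and `base` itself is derived from `self->data[-1]` read out of the possibly stale chunk. The comments could state that limit, for example `/* Crash if a heap chunk is taken for an mmapped one (double free or realloc after free) */`. Both function bodies start and end outside the hunks, so how a freed heap chunk comes to enter this branch is not visible here.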
