From ea41be77ba3ef552f4d773a26ff30f497872fcfc Mon Sep 17 00:00:00 2001
From: Jason Evans <jasone@FreeBSD.org>
Date: Thu, 19 Jan 2006 19:08:11 +0000
Subject: Add assertions that detect some forms of region separator corruption.

---
 lib/libc/stdlib/malloc.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'lib/libc/stdlib/malloc.c')

diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c
index 32497305b7980..30edb2cc90709 100644
--- a/lib/libc/stdlib/malloc.c
+++ b/lib/libc/stdlib/malloc.c
@@ -1144,6 +1144,11 @@ static __inline size_t
 region_next_size_get(region_sep_t *sep)
 {
 
+	/* The region cannot extend past the end of the containing chunk. */
+	assert(CHUNK_ADDR2OFFSET(&sep[1])
+	    + (size_t) (((sep->bits) & NEXT_SIZE_MASK) << opt_quantum_2pow)
+	    <= chunk_size);
+
 	return ((size_t) (((sep->bits) & NEXT_SIZE_MASK) << opt_quantum_2pow));
 }
 
@@ -1153,6 +1158,8 @@ region_next_size_set(region_sep_t *sep, size_t size)
 	uint32_t bits;
 
 	assert(size % quantum == 0);
+	/* The region cannot extend past the end of the containing chunk. */
+	assert(CHUNK_ADDR2OFFSET(&sep[1]) + size <= chunk_size);
 
 	bits = sep->bits;
 	bits &= ~NEXT_SIZE_MASK;
-- 
cgit v1.2.3