From 6a8ef753646373ab883a3d4adfea7fdc4263fd40 Mon Sep 17 00:00:00 2001
From: guangli-dai
Date: Wed, 7 May 2025 16:37:26 -0700
Subject: [PATCH] Add one more check to double free validation.

---
 include/jemalloc/internal/arena_inlines_b.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/jemalloc/internal/arena_inlines_b.h b/include/jemalloc/internal/arena_inlines_b.h
index 4b765289..61008b59 100644
--- a/include/jemalloc/internal/arena_inlines_b.h
+++ b/include/jemalloc/internal/arena_inlines_b.h
@@ -68,7 +68,8 @@ large_dalloc_safety_checks(edata_t *edata, const void *ptr, size_t input_size) {
 "possibly caused by double free bugs.", ptr);
 return true;
 }
- if (unlikely(input_size != edata_usize_get(edata))) {
+ if (unlikely(input_size != edata_usize_get(edata) ||
+ input_size > SC_LARGE_MAXCLASS)) {
 safety_check_fail_sized_dealloc(/* current_dealloc */ true, ptr,
 /* true_size */ edata_usize_get(edata), input_size);
 return true;
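Review bot: The added `input_size > SC_LARGE_MAXCLASS` operand is only reached when `input_size == edata_usize_get(edata)`, so what it really detects is an edata whose recorded usize is itself above the largest large size class, i.e. stale or corrupted metadata (plausibly a freed edata) that happens to agree with the caller's size; that intent is not visible from the condition and deserves a comment such as `/* usize above SC_LARGE_MAXCLASS means the edata is stale/corrupt even if it matches input_size */`. In that path the failure is reported through `safety_check_fail_sized_dealloc` with `true_size` equal to `input_size`, so the resulting diagnostic will show two identical sizes and read as a size mismatch that is not one; consider either a distinct message for this case or a comment noting the report is deliberately reused. If the second operand is meant to be independent of the first (rejecting any oversized input regardless of the edata), the `||` ordering and `unlikely()` wrapper should be documented accordingly. The enclosing function `large_dalloc_safety_checks` begins before this hunk and its body continues past it.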