if the freeprot flag (F) is set, do not do delayed frees for chunks

(might catch errors closer to the trouble spot) and junk fill pages just
before reuse instead of immediate (we can't access the page anyway)
since we set PROT_NONE in the F case. ok djm@

1 files changed, 10 insertions, 6 deletions

diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c
index 0af2e2fdea5..37404a199ee 100644
--- a/lib/libc/stdlib/malloc.c
+++ b/lib/libc/stdlib/malloc.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: malloc.c,v 1.105 2008/11/02 08:50:41 otto Exp $	*/
+/*	$OpenBSD: malloc.c,v 1.106 2008/11/06 12:32:45 otto Exp $	*/
 /*
  * Copyright (c) 2008 Otto Moerbeek <otto@drijf.net>
  *
@@ -477,6 +477,8 @@ map(struct dir_info *d, size_t sz, int zero_fill)
 				d->free_regions_size -= psz;
 				if (zero_fill)
 					memset(p, 0, sz);
+				else if (malloc_junk && malloc_freeprot)
+					memset(p, SOME_FREEJUNK, sz);
 				return p;
 			} else if (r->size > psz)
 				big = r;
@@ -1199,7 +1201,7 @@ ofree(void *p)
 			}
 			malloc_guarded -= malloc_guard;
 		}
-		if (malloc_junk)
+		if (malloc_junk && !malloc_freeprot)
 			memset(p, SOME_FREEJUNK, PAGEROUND(sz) - malloc_guard);
 		unmap(&g_pool, p, PAGEROUND(sz));
 		delete(&g_pool, r);
@@ -1209,10 +1211,12 @@ ofree(void *p)
 
 		if (malloc_junk && sz > 0)
 			memset(p, SOME_FREEJUNK, sz);
-		i = getrbyte() & (MALLOC_DELAYED_CHUNKS - 1);
-		tmp = p;
-		p = g_pool.delayed_chunks[i];
-		g_pool.delayed_chunks[i] = tmp;
+		if (!malloc_freeprot) {
+			i = getrbyte() & (MALLOC_DELAYED_CHUNKS - 1);
+			tmp = p;
+			p = g_pool.delayed_chunks[i];
+			g_pool.delayed_chunks[i] = tmp;
+		}
 		if (p != NULL) {
 			r = find(&g_pool, p);
 			if (r == NULL) {