(public_cALLOc): Check for overflow on multiplication.

2024-12-22 10:50:07 +00:00 · 2002-08-02 01:27:46 +00:00 · 2002-08-02 01:27:46 +00:00 · 0950889b81
commit 0950889b81
parent d7e1ad053b
3 changed files with 25 additions and 7 deletions
--- a/linuxthreads/sysdeps/i386/pspinlock.c
+++ b/linuxthreads/sysdeps/i386/pspinlock.c
@ -1,5 +1,5 @@
 /* POSIX spinlock implementation.  x86 version.
-   Copyright (C) 2000 Free Software Foundation, Inc.
+   Copyright (C) 2000, 2002 Free Software Foundation, Inc.
   This file is part of the GNU C Library.

   The GNU C Library is free software; you can redistribute it and/or
@ -20,6 +20,8 @@
 #include <errno.h>
 #include <pthread.h>
 #include "internals.h"
+#include "kernel-features.h"
+

 /* This implementation is similar to the one used in the Linux kernel.
   But the kernel is byte instructions for the memory access.  This is
@ -95,3 +97,7 @@ __pthread_spin_destroy (pthread_spinlock_t *lock)
  return 0;
 }
 weak_alias (__pthread_spin_destroy, pthread_spin_destroy)
+
+#ifndef __ASSUME_SET_THREAD_AREA_SYSCALL
+int __have_no_set_thread_area;
+#endif
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@ -3452,16 +3452,23 @@ public_cALLOc(size_t n, size_t elem_size)
 {
  mstate av;
  mchunkptr oldtop, p;
-  INTERNAL_SIZE_T sz, csz, oldtopsize;
+  INTERNAL_SIZE_T bytes, sz, csz, oldtopsize;
  Void_t* mem;
  unsigned long clearsize;
  unsigned long nclears;
  INTERNAL_SIZE_T* d;
-
  __malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, __const __malloc_ptr_t)) =
    __malloc_hook;
+
+  /* size_t is unsigned so the behavior on overflow is defined.  */
+  bytes = n * elem_size;
+  if (bytes / elem_size != n) {
+    MALLOC_FAILURE_ACTION;
+    return 0;
+  }
+
  if (hook != NULL) {
-    sz = n * elem_size;
+    sz = bytes;
    mem = (*hook)(sz, RETURN_ADDRESS (0));
    if(mem == 0)
      return 0;
@ -3473,8 +3480,7 @@ public_cALLOc(size_t n, size_t elem_size)
 #endif
  }

-  /* FIXME: check for overflow on multiplication.  */
-  sz = n * elem_size;
+  sz = bytes;

  arena_get(av, sz);
  if(!av)
--- a/sysdeps/unix/sysv/linux/kernel-features.h
+++ b/sysdeps/unix/sysv/linux/kernel-features.h
@ -1,6 +1,6 @@
 /* Set flags signalling availability of kernel features based on given
   kernel version number.
-   Copyright (C) 1999, 2000, 2001 Free Software Foundation, Inc.
+   Copyright (C) 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
   This file is part of the GNU C Library.

   The GNU C Library is free software; you can redistribute it and/or
@ -184,6 +184,12 @@
 # define __ASSUME_MMAP2_SYSCALL		1
 #endif

+/* On x86, the set_thread_area syscall was introduced in 2.5.29, but its
+   semantics was changed in 2.5.30.  */
+#if __LINUX_KERNEL_VERSION >= 132382 && defined __i386__
+# define __ASSUME_SET_THREAD_AREA_SYSCALL	1
+#endif
+
 /* There are an infinite number of PA-RISC kernel versions numbered
   2.4.0.  But they've not really been released as such.  We require
   and expect the final version here.  */