From 0950889b810736fe7ad340a13a5ecf76672e1a84 Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Fri, 2 Aug 2002 01:27:46 +0000 Subject: [PATCH] (public_cALLOc): Check for overflow on multiplication. --- linuxthreads/sysdeps/i386/pspinlock.c | 8 +++++++- malloc/malloc.c | 16 +++++++++++----- sysdeps/unix/sysv/linux/kernel-features.h | 8 +++++++- 3 files changed, 25 insertions(+), 7 deletions(-) diff --git a/linuxthreads/sysdeps/i386/pspinlock.c b/linuxthreads/sysdeps/i386/pspinlock.c index 5d242388aa..bd7c55b2f4 100644 --- a/linuxthreads/sysdeps/i386/pspinlock.c +++ b/linuxthreads/sysdeps/i386/pspinlock.c @@ -1,5 +1,5 @@ /* POSIX spinlock implementation. x86 version. - Copyright (C) 2000 Free Software Foundation, Inc. + Copyright (C) 2000, 2002 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -20,6 +20,8 @@ #include #include #include "internals.h" +#include "kernel-features.h" + /* This implementation is similar to the one used in the Linux kernel. But the kernel is byte instructions for the memory access. This is @@ -95,3 +97,7 @@ __pthread_spin_destroy (pthread_spinlock_t *lock) return 0; } weak_alias (__pthread_spin_destroy, pthread_spin_destroy) + +#ifndef __ASSUME_SET_THREAD_AREA_SYSCALL +int __have_no_set_thread_area; +#endif diff --git a/malloc/malloc.c b/malloc/malloc.c index cee3f322a0..cd40626504 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -3452,16 +3452,23 @@ public_cALLOc(size_t n, size_t elem_size) { mstate av; mchunkptr oldtop, p; - INTERNAL_SIZE_T sz, csz, oldtopsize; + INTERNAL_SIZE_T bytes, sz, csz, oldtopsize; Void_t* mem; unsigned long clearsize; unsigned long nclears; INTERNAL_SIZE_T* d; - __malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, __const __malloc_ptr_t)) = __malloc_hook; + + /* size_t is unsigned so the behavior on overflow is defined. */ + bytes = n * elem_size; + if (bytes / elem_size != n) { + MALLOC_FAILURE_ACTION; + return 0; + } + if (hook != NULL) { - sz = n * elem_size; + sz = bytes; mem = (*hook)(sz, RETURN_ADDRESS (0)); if(mem == 0) return 0; @@ -3473,8 +3480,7 @@ public_cALLOc(size_t n, size_t elem_size) #endif } - /* FIXME: check for overflow on multiplication. */ - sz = n * elem_size; + sz = bytes; arena_get(av, sz); if(!av) diff --git a/sysdeps/unix/sysv/linux/kernel-features.h b/sysdeps/unix/sysv/linux/kernel-features.h index 927701a662..3653f73618 100644 --- a/sysdeps/unix/sysv/linux/kernel-features.h +++ b/sysdeps/unix/sysv/linux/kernel-features.h @@ -1,6 +1,6 @@ /* Set flags signalling availability of kernel features based on given kernel version number. - Copyright (C) 1999, 2000, 2001 Free Software Foundation, Inc. + Copyright (C) 1999, 2000, 2001, 2002 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -184,6 +184,12 @@ # define __ASSUME_MMAP2_SYSCALL 1 #endif +/* On x86, the set_thread_area syscall was introduced in 2.5.29, but its + semantics was changed in 2.5.30. */ +#if __LINUX_KERNEL_VERSION >= 132382 && defined __i386__ +# define __ASSUME_SET_THREAD_AREA_SYSCALL 1 +#endif + /* There are an infinite number of PA-RISC kernel versions numbered 2.4.0. But they've not really been released as such. We require and expect the final version here. */