AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-22 13:00:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

malloc: Check for integer overflow in memalign.

Browse Source 
A large bytes parameter to memalign could cause an integer overflow
and corrupt allocator internals. Check the overflow does not occur
before continuing with the allocation.

ChangeLog:

2013-09-11  Will Newton  <will.newton@linaro.org>

	[BZ #15857]
	* malloc/malloc.c (__libc_memalign): Check the value of bytes
	does not overflow.
This commit is contained in:
Will Newton 2013-08-16 12:54:29 +01:00
parent 55e17aadc1
commit b73ed24778
2 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,9 @@
2013-09-11 Will Newton <will.newton@linaro.org>
[BZ #15857]
* malloc/malloc.c (__libc_memalign): Check the value of bytes
does not overflow.
2013-09-11 Will Newton <will.newton@linaro.org> 2013-09-11 Will Newton <will.newton@linaro.org>
[BZ #15856] [BZ #15856]

7
malloc/malloc.c
View File

@ -3015,6 +3015,13 @@ __libc_memalign(size_t alignment, size_t bytes)
/* Otherwise, ensure that it is at least a minimum chunk size */ /* Otherwise, ensure that it is at least a minimum chunk size */
if (alignment < MINSIZE) alignment = MINSIZE; if (alignment < MINSIZE) alignment = MINSIZE;
/* Check for overflow. */
if (bytes > SIZE_MAX - alignment - MINSIZE)
{
__set_errno (ENOMEM);
return 0;
}
arena_get(ar_ptr, bytes + alignment + MINSIZE); arena_get(ar_ptr, bytes + alignment + MINSIZE);
if(!ar_ptr) if(!ar_ptr)
return 0; return 0;