glibc/malloc
Arjun Shankar 01ba6f5076 Fix integer overflows in internal memalign and malloc [BZ #22343] [BZ #22774]
When posix_memalign is called with an alignment less than MALLOC_ALIGNMENT
and a requested size close to SIZE_MAX, it falls back to malloc code
(because the alignment of a block returned by malloc is sufficient to
satisfy the call).  In this case, an integer overflow in _int_malloc leads
to posix_memalign incorrectly returning successfully.

Upon fixing this and writing a somewhat thorough regression test, it was
discovered that when posix_memalign is called with an alignment larger than
MALLOC_ALIGNMENT (so it uses _int_memalign instead) and a requested size
close to SIZE_MAX, a different integer overflow in _int_memalign leads to
posix_memalign incorrectly returning successfully.

Both integer overflows affect other memory allocation functions that use
_int_malloc (one affected malloc in x86) or _int_memalign as well.

This commit fixes both integer overflows.  In addition to this, it adds a
regression test to guard against false successful allocations by the
following memory allocation functions when called with too-large allocation
sizes and, where relevant, various valid alignments:
malloc, realloc, calloc, reallocarray, memalign, posix_memalign,
aligned_alloc, valloc, and pvalloc.

(cherry picked from commit 8e448310d7)
2018-02-08 15:47:05 +01:00
..
alloc_buffer_alloc_array.c Implement allocation buffers for internal use 2017-06-21 22:43:57 +02:00
alloc_buffer_allocate.c Implement allocation buffers for internal use 2017-06-21 22:43:57 +02:00
alloc_buffer_copy_bytes.c Implement allocation buffers for internal use 2017-06-21 22:43:57 +02:00
alloc_buffer_copy_string.c Implement allocation buffers for internal use 2017-06-21 22:43:57 +02:00
alloc_buffer_create_failure.c Implement allocation buffers for internal use 2017-06-21 22:43:57 +02:00
arena.c malloc: Remove corrupt arena flag 2017-11-28 19:10:16 +05:30
Depend Update. 1999-10-04 22:59:43 +00:00
dynarray_at_failure.c Add internal facility for dynamic array handling 2017-06-02 11:59:28 +02:00
dynarray_emplace_enlarge.c dynarray: Set errno on overflow-induced allocation failure 2017-09-06 16:13:53 +02:00
dynarray_finalize.c Add internal facility for dynamic array handling 2017-06-02 11:59:28 +02:00
dynarray_resize_clear.c Add internal facility for dynamic array handling 2017-06-02 11:59:28 +02:00
dynarray_resize.c dynarray: Set errno on overflow-induced allocation failure 2017-09-06 16:13:53 +02:00
dynarray-skeleton.c dynarray: Implement begin/end functions in the spirit of C++ 2017-06-13 21:55:10 +02:00
dynarray.h dynarray: Use libc_hidden_proto only for !_ISOMAC 2017-06-19 12:58:08 +02:00
hooks.c Silence -O3 -Wall warning in malloc/hooks.c with GCC 7 [BZ #22052] 2017-12-06 16:15:47 +01:00
Makefile Fix integer overflows in internal memalign and malloc [BZ #22343] [BZ #22774] 2018-02-08 15:47:05 +01:00
malloc-hooks.h Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
malloc-internal.h i386: Increase MALLOC_ALIGNMENT to 16 [BZ #21120] 2017-06-30 09:11:24 -07:00
malloc.c Fix integer overflows in internal memalign and malloc [BZ #22343] [BZ #22774] 2018-02-08 15:47:05 +01:00
malloc.h Add reallocarray function 2017-05-30 18:27:57 -03:00
mallocbug.c Reformat malloc to gnu style. 2014-01-02 09:40:10 +01:00
mcheck-init.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
mcheck.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
mcheck.h Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
memusage.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
memusage.sh Update copyright dates not handled by scripts/update-copyrights. 2017-01-01 00:26:24 +00:00
memusagestat.c Update copyright dates not handled by scripts/update-copyrights. 2017-01-01 00:26:24 +00:00
morecore.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
mtrace.c Assume that O_CLOEXEC is always defined and works 2017-04-18 14:56:51 +02:00
mtrace.pl Update copyright dates not handled by scripts/update-copyrights. 2017-01-01 00:26:24 +00:00
obstack.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
obstack.h Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
reallocarray.c Add reallocarray function 2017-05-30 18:27:57 -03:00
scratch_buffer_grow_preserve.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
scratch_buffer_grow.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
scratch_buffer_set_array_size.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
set-freeres.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
thread-freeres.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-alloc_buffer.c Prevent an implicit int promotion in malloc/tst-alloc_buffer.c 2017-06-26 09:56:26 -03:00
tst-calloc.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-dynarray-at-fail.c Add internal facility for dynamic array handling 2017-06-02 11:59:28 +02:00
tst-dynarray-fail.c Add internal facility for dynamic array handling 2017-06-02 11:59:28 +02:00
tst-dynarray-shared.h dynarray: Implement begin/end functions in the spirit of C++ 2017-06-13 21:55:10 +02:00
tst-dynarray.c dynarray: Set errno on overflow-induced allocation failure 2017-09-06 16:13:53 +02:00
tst-interpose-aux-nothread.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-interpose-aux-thread.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-interpose-aux.c Fix failing test malloc/tst-interpose-nothread with GCC 7. 2017-03-21 16:41:56 +01:00
tst-interpose-aux.h Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-interpose-nothread.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-interpose-skeleton.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-interpose-static-nothread.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-interpose-static-thread.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-interpose-thread.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-malloc-backtrace.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-malloc-fork-deadlock.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-malloc-tcache-leak.c malloc: Fix tcache leak after thread destruction [BZ #22111] 2017-10-06 10:35:30 -07:00
tst-malloc-thread-exit.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-malloc-thread-fail.c Increase some test timeouts. 2017-01-05 17:39:38 +00:00
tst-malloc-too-large.c Fix integer overflows in internal memalign and malloc [BZ #22343] [BZ #22774] 2018-02-08 15:47:05 +01:00
tst-malloc-usable-static-tunables.c Initialize tunable list with the GLIBC_TUNABLES environment variable 2016-12-31 23:49:24 +05:30
tst-malloc-usable-static.c Add framework for tunables 2016-12-31 23:49:24 +05:30
tst-malloc-usable-tunables.c Initialize tunable list with the GLIBC_TUNABLES environment variable 2016-12-31 23:49:24 +05:30
tst-malloc-usable.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-malloc.c Split DIAG_* macros to new header libc-diag.h. 2017-02-25 09:59:46 -05:00
tst-mallocfork2.c Increase some test timeouts. 2017-01-05 17:39:38 +00:00
tst-mallocfork.c * malloc/tst-mallocfork.c (do_test): Make sure sa_flags is 2005-12-06 00:50:15 +00:00
tst-mallocstate.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-mallopt.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-mcheck.c Split DIAG_* macros to new header libc-diag.h. 2017-02-25 09:59:46 -05:00
tst-memalign.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-mtrace.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-mtrace.sh Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-obstack.c Modify several tests to use test-skeleton.c 2014-11-05 15:24:08 +05:30
tst-posix_memalign.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-pvalloc.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-realloc.c tst-realloc: do not check for errno on success [BZ #22611] 2017-12-31 21:21:27 +01:00
tst-reallocarray.c Add reallocarray function 2017-05-30 18:27:57 -03:00
tst-scratch_buffer.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
tst-trim1.c * malloc/tst-trim1.c: New file. 2007-12-16 22:57:57 +00:00
tst-valloc.c Update copyright dates with scripts/update-copyrights. 2017-01-01 00:14:16 +00:00
Versions Implement allocation buffers for internal use 2017-06-21 22:43:57 +02:00