* [PATCH v3] [BZ #15856] malloc: Check for integer overflow in valloc.
@ 2013-09-10 13:16 Will Newton
2013-09-10 13:33 ` Siddhesh Poyarekar
0 siblings, 1 reply; 2+ messages in thread
From: Will Newton @ 2013-09-10 13:16 UTC (permalink / raw)
To: libc-ports; +Cc: patches
A large bytes parameter to valloc could cause an integer overflow
and corrupt allocator internals. Check the overflow does not occur
before continuing with the allocation.
ChangeLog:
2013-08-16 Will Newton <will.newton@linaro.org>
[BZ #15856]
* malloc/malloc.c (__libc_valloc): Check the value of bytes
does not overflow.
---
malloc/malloc.c | 7 +++++++
1 file changed, 7 insertions(+)
Changes in v3:
- Reorder if condition
- Set errno appropriately
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 7f43ba3..3148c5f 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3046,6 +3046,13 @@ __libc_valloc(size_t bytes)
size_t pagesz = GLRO(dl_pagesize);
+ /* Check for overflow. */
+ if (bytes > SIZE_MAX - pagesz - MINSIZE)
+ {
+ __set_errno (ENOMEM);
+ return 0;
+ }
+
void *(*hook) (size_t, size_t, const void *) =
force_reg (__memalign_hook);
if (__builtin_expect (hook != NULL, 0))
--
1.8.1.4
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH v3] [BZ #15856] malloc: Check for integer overflow in valloc.
2013-09-10 13:16 [PATCH v3] [BZ #15856] malloc: Check for integer overflow in valloc Will Newton
@ 2013-09-10 13:33 ` Siddhesh Poyarekar
0 siblings, 0 replies; 2+ messages in thread
From: Siddhesh Poyarekar @ 2013-09-10 13:33 UTC (permalink / raw)
To: Will Newton; +Cc: libc-ports, patches
On 10 September 2013 18:46, Will Newton <will.newton@linaro.org> wrote:
>
> A large bytes parameter to valloc could cause an integer overflow
> and corrupt allocator internals. Check the overflow does not occur
> before continuing with the allocation.
>
> ChangeLog:
>
> 2013-08-16 Will Newton <will.newton@linaro.org>
>
> [BZ #15856]
> * malloc/malloc.c (__libc_valloc): Check the value of bytes
> does not overflow.
> ---
> malloc/malloc.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> Changes in v3:
> - Reorder if condition
> - Set errno appropriately
>
> diff --git a/malloc/malloc.c b/malloc/malloc.c
> index 7f43ba3..3148c5f 100644
> --- a/malloc/malloc.c
> +++ b/malloc/malloc.c
> @@ -3046,6 +3046,13 @@ __libc_valloc(size_t bytes)
>
> size_t pagesz = GLRO(dl_pagesize);
>
> + /* Check for overflow. */
> + if (bytes > SIZE_MAX - pagesz - MINSIZE)
> + {
> + __set_errno (ENOMEM);
> + return 0;
> + }
> +
> void *(*hook) (size_t, size_t, const void *) =
> force_reg (__memalign_hook);
> if (__builtin_expect (hook != NULL, 0))
> --
> 1.8.1.4
>
Wrong mailing list, but the patch is OK.
Thanks,
Siddhesh
--
http://siddhesh.in
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-09-10 13:33 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-09-10 13:16 [PATCH v3] [BZ #15856] malloc: Check for integer overflow in valloc Will Newton
2013-09-10 13:33 ` Siddhesh Poyarekar
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).