[PATCH v3] [BZ #15856] malloc: Check for integer overflow in valloc.

public inbox for libc-ports@sourceware.org
 help / color / mirror / Atom feed

* [PATCH v3] [BZ #15856] malloc: Check for integer overflow in valloc.
@ 2013-09-10 13:16 Will Newton
  2013-09-10 13:33 ` Siddhesh Poyarekar
  0 siblings, 1 reply; 2+ messages in thread
From: Will Newton @ 2013-09-10 13:16 UTC (permalink / raw)
  To: libc-ports; +Cc: patches


A large bytes parameter to valloc could cause an integer overflow
and corrupt allocator internals. Check the overflow does not occur
before continuing with the allocation.

ChangeLog:

2013-08-16  Will Newton  <will.newton@linaro.org>

	[BZ #15856]
	* malloc/malloc.c (__libc_valloc): Check the value of bytes
	does not overflow.
---
 malloc/malloc.c | 7 +++++++
 1 file changed, 7 insertions(+)

Changes in v3:
 - Reorder if condition
 - Set errno appropriately

diff --git a/malloc/malloc.c b/malloc/malloc.c
index 7f43ba3..3148c5f 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3046,6 +3046,13 @@ __libc_valloc(size_t bytes)

   size_t pagesz = GLRO(dl_pagesize);

+  /* Check for overflow.  */
+  if (bytes > SIZE_MAX - pagesz - MINSIZE)
+    {
+      __set_errno (ENOMEM);
+      return 0;
+    }
+
   void *(*hook) (size_t, size_t, const void *) =
     force_reg (__memalign_hook);
   if (__builtin_expect (hook != NULL, 0))
-- 
1.8.1.4

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH v3] [BZ #15856] malloc: Check for integer overflow in valloc.
  2013-09-10 13:16 [PATCH v3] [BZ #15856] malloc: Check for integer overflow in valloc Will Newton
@ 2013-09-10 13:33 ` Siddhesh Poyarekar
  0 siblings, 0 replies; 2+ messages in thread
From: Siddhesh Poyarekar @ 2013-09-10 13:33 UTC (permalink / raw)
  To: Will Newton; +Cc: libc-ports, patches

On 10 September 2013 18:46, Will Newton <will.newton@linaro.org> wrote:
>
> A large bytes parameter to valloc could cause an integer overflow
> and corrupt allocator internals. Check the overflow does not occur
> before continuing with the allocation.
>
> ChangeLog:
>
> 2013-08-16  Will Newton  <will.newton@linaro.org>
>
>         [BZ #15856]
>         * malloc/malloc.c (__libc_valloc): Check the value of bytes
>         does not overflow.
> ---
>  malloc/malloc.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> Changes in v3:
>  - Reorder if condition
>  - Set errno appropriately
>
> diff --git a/malloc/malloc.c b/malloc/malloc.c
> index 7f43ba3..3148c5f 100644
> --- a/malloc/malloc.c
> +++ b/malloc/malloc.c
> @@ -3046,6 +3046,13 @@ __libc_valloc(size_t bytes)
>
>    size_t pagesz = GLRO(dl_pagesize);
>
> +  /* Check for overflow.  */
> +  if (bytes > SIZE_MAX - pagesz - MINSIZE)
> +    {
> +      __set_errno (ENOMEM);
> +      return 0;
> +    }
> +
>    void *(*hook) (size_t, size_t, const void *) =
>      force_reg (__memalign_hook);
>    if (__builtin_expect (hook != NULL, 0))
> --
> 1.8.1.4
>

Wrong mailing list, but the patch is OK.

Thanks,
Siddhesh

-- 
http://siddhesh.in

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2013-09-10 13:33 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-09-10 13:16 [PATCH v3] [BZ #15856] malloc: Check for integer overflow in valloc Will Newton
2013-09-10 13:33 ` Siddhesh Poyarekar

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).