From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2155) id 0C90938515D9; Wed, 26 Jan 2022 12:14:21 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0C90938515D9 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Corinna Vinschen To: newlib-cvs@sourceware.org Subject: [newlib-cygwin] Fix null-pointer dereference in nano-malloc X-Act-Checkin: newlib-cygwin X-Git-Author: Cyril Yared X-Git-Refname: refs/heads/master X-Git-Oldrev: 43ab30fbd50cd6394b6b6950647ce2c243fa80c5 X-Git-Newrev: 73d515fcfecd1004ccffef8fcd0c7223b9eec6ab Message-Id: <20220126121421.0C90938515D9@sourceware.org> Date: Wed, 26 Jan 2022 12:14:21 +0000 (GMT) X-BeenThere: newlib-cvs@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Newlib GIT logs List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Jan 2022 12:14:21 -0000 https://sourceware.org/git/gitweb.cgi?p=3Dnewlib-cygwin.git;h=3D73d515fcfec= d1004ccffef8fcd0c7223b9eec6ab commit 73d515fcfecd1004ccffef8fcd0c7223b9eec6ab Author: Cyril Yared Date: Tue Jan 25 07:44:10 2022 -0800 Fix null-pointer dereference in nano-malloc =20 If p is NULL, then the free_list is empty and we should return the correct failure values. Diff: --- newlib/libc/stdlib/nano-mallocr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/newlib/libc/stdlib/nano-mallocr.c b/newlib/libc/stdlib/nano-ma= llocr.c index 6fb08a616..0c5fb2885 100644 --- a/newlib/libc/stdlib/nano-mallocr.c +++ b/newlib/libc/stdlib/nano-mallocr.c @@ -322,7 +322,7 @@ void * nano_malloc(RARG malloc_size_t s) r=3Dr->next; } =20 - if ((char *)p + p->size =3D=3D (char *)_SBRK_R(RCALL 0)) + if (p !=3D NULL && (char *)p + p->size =3D=3D (char *)_SBRK_R(= RCALL 0)) { /* The last free item has the heap end as neighbour. * Let's ask for a smaller amount and merge */