mirror of
git://sourceware.org/git/glibc.git
synced 2024-11-27 03:41:23 +08:00
malloc: Check for integer overflow in memalign.
A large bytes parameter to memalign could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15857] * malloc/malloc.c (__libc_memalign): Check the value of bytes does not overflow.
This commit is contained in:
parent
55e17aadc1
commit
b73ed24778
@ -1,3 +1,9 @@
|
||||
2013-09-11 Will Newton <will.newton@linaro.org>
|
||||
|
||||
[BZ #15857]
|
||||
* malloc/malloc.c (__libc_memalign): Check the value of bytes
|
||||
does not overflow.
|
||||
|
||||
2013-09-11 Will Newton <will.newton@linaro.org>
|
||||
|
||||
[BZ #15856]
|
||||
|
@ -3015,6 +3015,13 @@ __libc_memalign(size_t alignment, size_t bytes)
|
||||
/* Otherwise, ensure that it is at least a minimum chunk size */
|
||||
if (alignment < MINSIZE) alignment = MINSIZE;
|
||||
|
||||
/* Check for overflow. */
|
||||
if (bytes > SIZE_MAX - alignment - MINSIZE)
|
||||
{
|
||||
__set_errno (ENOMEM);
|
||||
return 0;
|
||||
}
|
||||
|
||||
arena_get(ar_ptr, bytes + alignment + MINSIZE);
|
||||
if(!ar_ptr)
|
||||
return 0;
|
||||
|
Loading…
Reference in New Issue
Block a user