This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch master updated. glibc-2.18-281-g321e268

From: willnewton at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 10 Oct 2013 13:54:46 -0000
Subject: GNU C Library master sources branch master updated. glibc-2.18-281-g321e268

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  321e26847188300173a5dc0ca42c2ff7b9bf7a78 (commit)
      from  40fefba1b5b05d05a3a4b48796a1006db90d8f74 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=321e26847188300173a5dc0ca42c2ff7b9bf7a78

commit 321e26847188300173a5dc0ca42c2ff7b9bf7a78
Author: Will Newton <will.newton@linaro.org>
Date:   Wed Oct 9 14:41:57 2013 +0100

    malloc/hooks.c: Correct check for overflow in memalign_check.
    
    A large value of bytes passed to memalign_check can cause an integer
    overflow in _int_memalign and heap corruption. This issue can be
    exposed by running tst-memalign with MALLOC_CHECK_=3.
    
    ChangeLog:
    
    2013-10-10  Will Newton  <will.newton@linaro.org>
    
    	* malloc/hooks.c (memalign_check): Ensure the value of bytes
    	passed to _int_memalign does not overflow.

diff --git a/ChangeLog b/ChangeLog
index 1291b75..66780cb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-10-10  Will Newton  <will.newton@linaro.org>
+
+	* malloc/hooks.c (memalign_check): Ensure the value of bytes
+	passed to _int_memalign does not overflow.
+
 2013-10-10  Torvald Riegel  <triegel@redhat.com>
 
 	* scripts/bench.pl: Add include-sources directive.
diff --git a/malloc/hooks.c b/malloc/hooks.c
index 8c25846..3f663bb 100644
--- a/malloc/hooks.c
+++ b/malloc/hooks.c
@@ -361,10 +361,13 @@ memalign_check(size_t alignment, size_t bytes, const void *caller)
   if (alignment <= MALLOC_ALIGNMENT) return malloc_check(bytes, NULL);
   if (alignment <  MINSIZE) alignment = MINSIZE;
 
-  if (bytes+1 == 0) {
-    __set_errno (ENOMEM);
-    return NULL;
-  }
+  /* Check for overflow.  */
+  if (bytes > SIZE_MAX - alignment - MINSIZE)
+    {
+      __set_errno (ENOMEM);
+      return 0;
+    }
+
   (void)mutex_lock(&main_arena.mutex);
   mem = (top_check() >= 0) ? _int_memalign(&main_arena, alignment, bytes+1) :
     NULL;

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog      |    5 +++++
 malloc/hooks.c |   11 +++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]