This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.18-281-g321e268
- From: willnewton at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 10 Oct 2013 13:54:46 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.18-281-g321e268
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 321e26847188300173a5dc0ca42c2ff7b9bf7a78 (commit)
from 40fefba1b5b05d05a3a4b48796a1006db90d8f74 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=321e26847188300173a5dc0ca42c2ff7b9bf7a78
commit 321e26847188300173a5dc0ca42c2ff7b9bf7a78
Author: Will Newton <will.newton@linaro.org>
Date: Wed Oct 9 14:41:57 2013 +0100
malloc/hooks.c: Correct check for overflow in memalign_check.
A large value of bytes passed to memalign_check can cause an integer
overflow in _int_memalign and heap corruption. This issue can be
exposed by running tst-memalign with MALLOC_CHECK_=3.
ChangeLog:
2013-10-10 Will Newton <will.newton@linaro.org>
* malloc/hooks.c (memalign_check): Ensure the value of bytes
passed to _int_memalign does not overflow.
diff --git a/ChangeLog b/ChangeLog
index 1291b75..66780cb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-10-10 Will Newton <will.newton@linaro.org>
+
+ * malloc/hooks.c (memalign_check): Ensure the value of bytes
+ passed to _int_memalign does not overflow.
+
2013-10-10 Torvald Riegel <triegel@redhat.com>
* scripts/bench.pl: Add include-sources directive.
diff --git a/malloc/hooks.c b/malloc/hooks.c
index 8c25846..3f663bb 100644
--- a/malloc/hooks.c
+++ b/malloc/hooks.c
@@ -361,10 +361,13 @@ memalign_check(size_t alignment, size_t bytes, const void *caller)
if (alignment <= MALLOC_ALIGNMENT) return malloc_check(bytes, NULL);
if (alignment < MINSIZE) alignment = MINSIZE;
- if (bytes+1 == 0) {
- __set_errno (ENOMEM);
- return NULL;
- }
+ /* Check for overflow. */
+ if (bytes > SIZE_MAX - alignment - MINSIZE)
+ {
+ __set_errno (ENOMEM);
+ return 0;
+ }
+
(void)mutex_lock(&main_arena.mutex);
mem = (top_check() >= 0) ? _int_memalign(&main_arena, alignment, bytes+1) :
NULL;
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 5 +++++
malloc/hooks.c | 11 +++++++----
2 files changed, 12 insertions(+), 4 deletions(-)
hooks/post-receive
--
GNU C Library master sources