This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] malloc/hooks.c: Correct check for overflow in memalign_check.

From: Alexander Monakov <amonakov at ispras dot ru>
To: Will Newton <will dot newton at linaro dot org>
Cc: libc-alpha at sourceware dot org, patches at linaro dot org
Date: Wed, 9 Oct 2013 18:15:25 +0400 (MSK)
Subject: Re: [PATCH] malloc/hooks.c: Correct check for overflow in memalign_check.
Authentication-results: sourceware.org; auth=none
References: <52555E49 dot 4050506 at linaro dot org>

On Wed, 9 Oct 2013, Will Newton wrote:
> +  /* Check for overflow.  */
> +  if (bytes > SIZE_MAX - alignment - MINSIZE)

At this point no upper bound is established on the value of 'alignment', so
the test may pass when 'alignment' is so large that right-hand side
overflows.

(also, when 'alignment' is larger than SIZE_MAX/2+1, _int_memalign enters an
infinite loop)

Alexander

Follow-Ups:
- Re: [PATCH] malloc/hooks.c: Correct check for overflow in memalign_check.
  - From: Will Newton

References:
- [PATCH] malloc/hooks.c: Correct check for overflow in memalign_check.
  - From: Will Newton

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]