Malloc routines have overflow problems
Tue Aug 6 11:58:00 GMT 2002
Jason Tishler wrote:
> [Please CC me on replies because I'm not subscribed to this list.]
> I would like to revisit the issue that Chris Faylor raised in the
> following post:
> I have stumbled over the same problem with realloc():
> My patch is a "superset" of Chris's and solves the overflow problem in
> both malloc() and realloc(). Is this an acceptable solution? If so,
> then I will gladly supply a ChangeLog entry. If not, what would be?
A check should still be added because if sbrk is used as the underlying mechanism, it takes a signed argument. If you roll over INT_MAX then you will be passing a negative value to sbrk and thereby asking to release storage. A test could be added in malloc_extend_top to check against MORECORE_MAX which can be defaulted to INT_MAX.
-- Jeff J.
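
The check suggested in the reply above, as an added sketch that is not newlib's code and not part of the thread. `fake_sbrk`, `extend_top_unchecked`, `extend_top_checked` and the `pad` parameter are hypothetical names; `MORECORE_MAX` defaults to `INT_MAX` as the reply proposes, and the stand-in sbrk takes an `int` to model the signed argument.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#ifndef MORECORE_MAX
#define MORECORE_MAX INT_MAX   /* default proposed in the reply */
#endif
#define MORECORE_FAILURE ((void *)-1)

static int last_incr;          /* increment the stand-in sbrk was asked for */
static int sbrk_calls;
static char arena[16];

/* Stand-in for sbrk(): signed argument, negative means "release". */
static void *fake_sbrk(int incr)
{
    last_incr = incr;
    sbrk_calls++;
    return arena;
}

/* No guard: a request above INT_MAX is converted to a negative int
   (implementation-defined conversion; wraps on gcc and clang). */
void *extend_top_unchecked(size_t nb, size_t pad)
{
    return fake_sbrk((int)(nb + pad));
}

/* Guarded: refuse when nb + pad would wrap or exceed MORECORE_MAX. */
void *extend_top_checked(size_t nb, size_t pad)
{
    if (pad > (size_t)MORECORE_MAX || nb > (size_t)MORECORE_MAX - pad)
        return MORECORE_FAILURE;
    return fake_sbrk((int)(nb + pad));
}

int last_increment(void) { return last_incr; }
int morecore_calls(void) { return sbrk_calls; }

int main(void)
{
    size_t big = (size_t)INT_MAX + 1;   /* constructed oversized request */
    extend_top_unchecked(big, 0);
    printf("unchecked increment: %d\n", last_increment());
    printf("checked result: %s\n",
           extend_top_checked(big, 0) == MORECORE_FAILURE ? "refused" : "ok");
    return 0;
}
```

The guard compares before adding, so the sum of request and padding cannot wrap on its way to the comparison.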