Malloc routines have overflow problems
J. Johnston
jjohnstn@redhat.com
Tue Aug 6 11:58:00 GMT 2002
Jason Tishler wrote:
>
> [Please CC me on replies because I'm not subscribed to this list.]
>
> I would like to revisit the issue that Chris Faylor raised in the
> following post:
>
> http://sources.redhat.com/ml/newlib/2002/msg00101.html
>
> I have stumbled over the same problem with realloc():
>
> http://cygwin.com/ml/cygwin-developers/2002-07/msg00124.html
>
> My patch is a "superset" of Chris's and solves the overflow problem in
> both malloc() and realloc(). Is this an acceptable solution? If so,
> then I will gladly supply a ChangeLog entry. If not, what would be?
>
> Thanks,
> Jason
A check should still be added because if sbrk is used as the underlying mechanism, it takes a signed argument. If you roll over INT_MAX then you will be passing a negative value to sbrk and thereby asking to release storage. A test could be added in malloc_extend_top to check against MORECORE_MAX which can be defaulted to INT_MAX.
-- Jeff J.
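
The bound check described in the reply above, as an added example (not newlib's code and not part of the original message). `sim_morecore`, `sim_brk` and the two `extend_top_*` functions are hypothetical stand-ins that only track a simulated break offset; `MORECORE_MAX` is the name proposed in the message.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* MORECORE_MAX is the name proposed in the message, defaulted to INT_MAX. */
#ifndef MORECORE_MAX
#define MORECORE_MAX INT_MAX
#endif

/* Constructed stand-in for sbrk(): tracks a simulated break offset only.
   Like sbrk, it takes a signed increment; a negative one releases storage. */
static long long sim_brk = 1 << 20;

static void sim_morecore(int incr) { sim_brk += incr; }

/* No bound check: the size_t request is narrowed to the signed argument.
   The out-of-range conversion is implementation-defined; GCC and Clang
   wrap modulo 2^32, so INT_MAX + 1 arrives as INT_MIN. */
static int extend_top_unchecked(size_t nb)
{
    sim_morecore((int)nb);
    return 0;
}

/* With the proposed test: refuse anything the signed argument cannot hold. */
static int extend_top_checked(size_t nb)
{
    if (nb > (size_t)MORECORE_MAX)
        return -1;              /* caller treats this as out of memory */
    sim_morecore((int)nb);
    return 0;
}

int main(void)
{
    size_t big = (size_t)INT_MAX + 1u;   /* one byte past the signed limit */
    long long before = sim_brk;
    int rc;

    extend_top_unchecked(big);
    printf("unchecked: break moved by %lld\n", sim_brk - before);

    sim_brk = before;
    rc = extend_top_checked(big);
    printf("checked:   rc=%d, break moved by %lld\n", rc, sim_brk - before);
    return 0;
}
```

The comparison is done in `size_t` before any narrowing, so the oversized request is rejected while it is still an unsigned value.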