Malloc routines have overflow problems
J. Johnston
jjohnstn@redhat.com
Fri Aug 9 14:35:00 GMT 2002
Jason Tishler wrote:
>
> Jeff,
>
> On Tue, Aug 06, 2002 at 02:58:08PM -0400, J. Johnston wrote:
> > Jason Tishler wrote:
> > > My patch is a "superset" of Chris's and solves the overflow problem
> > > in both malloc() and realloc(). Is this an acceptable solution? If
> > > so, then I will gladly supply a ChangeLog entry. If not, what would
> > > be?
> >
> > A check should still be added because if sbrk is used as the
> > underlying mechanism, it takes a signed argument. If you roll over
> > INT_MAX then you will be passing a negative value to sbrk and thereby
> > asking to release storage. A test could be added in malloc_extend_top
> > to check against MORECORE_MAX which can be defaulted to INT_MAX.
>
> Is the attached, hopefully less intrusive, patch more acceptable? Or,
> is it just more ugly? :,)
>
The attached patch is fine. Patch checked in.
-- Jeff J.
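
The sbrk concern raised in the thread, shown as an added example; it is not part of the original messages and is not newlib's code. `toy_sbrk`, the static arena and the `extend_top_*` helpers are hypothetical stand-ins; only the idea of a `MORECORE_MAX` limit defaulting to `INT_MAX` comes from the thread. The out-of-range conversion to `int` is implementation-defined and is assumed to wrap, as it does with GCC.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define MORECORE_MAX INT_MAX   /* default proposed in the thread */
#define ARENA_SIZE   4096
#define START_BREAK  1024

static unsigned char arena[ARENA_SIZE];  /* constructed stand-in for the heap */
static int brk_off = START_BREAK;        /* current break, as an arena offset */

/* Hypothetical sbrk stand-in: like sbrk it takes a signed increment,
   so a negative value lowers the break, i.e. releases storage. */
static void *toy_sbrk(int incr)
{
    long long next = (long long)brk_off + incr;
    if (next < 0 || next > ARENA_SIZE)
        return (void *)-1;
    void *old = arena + brk_off;
    brk_off = (int)next;
    return old;
}

int current_break(void) { return brk_off; }
void reset_break(void) { brk_off = START_BREAK; }

/* What the signed parameter receives when the size is passed unchecked
   (assumes the usual wrapping conversion to int). */
int increment_seen_by_sbrk(size_t nb) { return (int)(unsigned int)nb; }

/* No limit check: an oversized request turns into a negative increment. */
int extend_top_unchecked(size_t nb)
{
    return toy_sbrk(increment_seen_by_sbrk(nb)) == (void *)-1 ? -1 : 0;
}

/* Refuse anything above MORECORE_MAX before it reaches the signed argument. */
int extend_top_checked(size_t nb)
{
    if (nb > (size_t)MORECORE_MAX)
        return -1;
    return toy_sbrk((int)nb) == (void *)-1 ? -1 : 0;
}

int main(void)
{
    size_t huge = (size_t)UINT_MAX - 511;   /* constructed oversized request */
    int rc = extend_top_unchecked(huge);
    printf("unchecked: rc=%d break=%d\n", rc, current_break());
    return 0;
}
```

In the unchecked path the call reports success while the break moves down, which is the "asking to release storage" case described in the thread.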