Malloc routines have overflow problems

J. Johnston jjohnstn@redhat.com
Fri Aug 9 14:35:00 GMT 2002


Jason Tishler wrote:
> 
> Jeff,
> 
> On Tue, Aug 06, 2002 at 02:58:08PM -0400, J. Johnston wrote:
> > Jason Tishler wrote:
> > > My patch is a "superset" of Chris's and solves the overflow problem
> > > in both malloc() and realloc().  Is this an acceptable solution?  If
> > > so, then I will gladly supply a ChangeLog entry.  If not, what would
> > > be?
> >
> > A check should still be added because if sbrk is used as the
> > underlying mechanism, it takes a signed argument.  If you roll over
> > INT_MAX then you will be passing a negative value to sbrk and thereby
> > asking to release storage.  A test could be added in malloc_extend_top
> > to check against MORECORE_MAX which can be defaulted to INT_MAX.
> 
> Is the attached, hopefully less intrusive, patch more acceptable?  Or,
> is it just more ugly? :,)
> 

The attached patch is fine.  Patch checked in.

-- Jeff J.
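The check Jeff asks for above, worked through as an added example (this is not the patch that was checked in, nor newlib's own malloc code; the function names are hypothetical and MORECORE_MAX defaulting to INT_MAX is taken from the thread). It shows why a size_t request that has grown past INT_MAX must be refused before it reaches sbrk(), whose argument is a signed int on the targets under discussion:

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Cap on a single sbrk()-style request. The thread suggests defaulting it to INT_MAX
   so that the value can never go negative when converted to sbrk()'s int argument. */
#ifndef MORECORE_MAX
#define MORECORE_MAX INT_MAX
#endif

/* Hypothetical stand-in for the allocator's top-extension path (malloc_extend_top in the
   thread). Instead of calling sbrk(), it returns the int argument sbrk() would receive,
   or -1 when the request must be refused (the caller would then set errno = ENOMEM).
   Valid arguments are 0..INT_MAX, so -1 is unambiguous as a failure code. */
long checked_extend_top(size_t request)
{
    /* Without this test a request above INT_MAX is converted to a negative int and
       sbrk() is asked to release storage instead of growing the heap. */
    if (request > (size_t)MORECORE_MAX)
        return -1L;
    return (long)(int)request;      /* safe: the value fits in int */
}

/* What sbrk() would have seen with the check absent. The size_t -> int conversion of an
   out-of-range value is implementation-defined in C17 (two's complement wrap in C23 and
   on every mainstream target), which is how the negative argument arises. */
int unchecked_sbrk_arg(size_t request)
{
    return (int)request;
}

int main(void)
{
    /* Constructed sample requests: ordinary, the boundary, and two past it. */
    size_t sizes[] = { 4096, (size_t)INT_MAX, (size_t)INT_MAX + 1, (size_t)-1 / 2 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        long arg = checked_extend_top(sizes[i]);
        if (arg >= 0)
            printf("request %zu -> sbrk(%ld)\n", sizes[i], arg);
        else
            printf("request %zu refused; unchecked it would have been sbrk(%d)\n",
                   sizes[i], unchecked_sbrk_arg(sizes[i]));
    }
    return 0;
}
```

Running it shows the first two requests passed through unchanged and the last two refused, with the unchecked value for each refused request printed as a negative number, which is exactly the "asking to release storage" case described in the thread.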


