diff options
| author | Jeff Johnston <jjohnstn@redhat.com> | 2002-08-09 21:33:29 +0000 |
|---|---|---|
| committer | Jeff Johnston <jjohnstn@redhat.com> | 2002-08-09 21:33:29 +0000 |
| commit | 659e70628ec5090df32224eac99b5d635179d142 (patch) | |
| tree | a56c74ff8ac734340451f7a94d5d108c5a453dbf /newlib | |
| parent | 037240a242b404e18308dd1a60937a5868bed702 (diff) | |
| download | cygnal-659e70628ec5090df32224eac99b5d635179d142.tar.gz cygnal-659e70628ec5090df32224eac99b5d635179d142.tar.bz2 cygnal-659e70628ec5090df32224eac99b5d635179d142.zip | |
2002-08-09 Jason Tishler <jason@tishler.net>
* libc/stdlib/mallocr.c: Include <limits.h>.
(request2size): Change macro to do
unsigned long comparisons and avoid signed overflow.
(mALLOc): Add overflow check for the number of bytes to allocate.
(rEALLOc): Ditto.
Diffstat (limited to 'newlib')
| -rw-r--r-- | newlib/ChangeLog | 8 | ||||
| -rw-r--r-- | newlib/libc/stdlib/mallocr.c | 13 |
2 files changed, 19 insertions, 2 deletions
diff --git a/newlib/ChangeLog b/newlib/ChangeLog index 0fe36466f..40f773f4f 100644 --- a/newlib/ChangeLog +++ b/newlib/ChangeLog @@ -1,3 +1,11 @@ +2002-08-09 Jason Tishler <jason@tishler.net> + + * libc/stdlib/mallocr.c: Include <limits.h>. + (request2size): Change macro to do + unsigned long comparisons and avoid signed overflow. + (mALLOc): Add overflow check for the number of bytes to allocate. + (rEALLOc): Ditto. + 2002-08-09 Jeff Johnston <jjohnstn@redhat.com> * configure.host: Add check for --enable-newlib-io-pos-args diff --git a/newlib/libc/stdlib/mallocr.c b/newlib/libc/stdlib/mallocr.c index 91370056e..89838f656 100644 --- a/newlib/libc/stdlib/mallocr.c +++ b/newlib/libc/stdlib/mallocr.c @@ -271,6 +271,7 @@ extern "C" { #endif #include <stdio.h> /* needed for malloc_stats */ +#include <limits.h> /* needed for overflow checks */ /* @@ -1399,8 +1400,8 @@ nextchunk-> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ /* pad request bytes into a usable size */ #define request2size(req) \ - (((long)((req) + (SIZE_SZ + MALLOC_ALIGN_MASK)) < \ - (long)(MINSIZE + MALLOC_ALIGN_MASK)) ? ((MINSIZE + MALLOC_ALIGN_MASK) & ~(MALLOC_ALIGN_MASK)) : \ + (((unsigned long)((req) + (SIZE_SZ + MALLOC_ALIGN_MASK)) < \ + (unsigned long)(MINSIZE + MALLOC_ALIGN_MASK)) ? ((MINSIZE + MALLOC_ALIGN_MASK) & ~(MALLOC_ALIGN_MASK)) : \ (((req) + (SIZE_SZ + MALLOC_ALIGN_MASK)) & ~(MALLOC_ALIGN_MASK))) /* Check if m has acceptable alignment */ @@ -2333,6 +2334,10 @@ Void_t* mALLOc(RARG bytes) RDECL size_t bytes; INTERNAL_SIZE_T nb = request2size(bytes); /* padded request size; */ + /* Check for overflow and just fail, if so. */ + if (nb > INT_MAX) + return 0; + MALLOC_LOCK; /* Check for exact match in a bin */ @@ -2792,6 +2797,10 @@ Void_t* rEALLOc(RARG oldmem, bytes) RDECL Void_t* oldmem; size_t bytes; nb = request2size(bytes); + /* Check for overflow and just fail, if so. */ + if (nb > INT_MAX) + return 0; + #if HAVE_MMAP if (chunk_is_mmapped(oldp)) { |