This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Re: [PATCH v3] [BZ #15857] malloc: Check for integer overflow in memalign.


On 10 September 2013 14:34, Siddhesh Poyarekar
<siddhesh.poyarekar@gmail.com> wrote:
> On 10 September 2013 18:46, Will Newton <will.newton@linaro.org> wrote:
>> diff --git a/malloc/malloc.c b/malloc/malloc.c
>> index 3148c5f..f7718a9 100644
>> --- a/malloc/malloc.c
>> +++ b/malloc/malloc.c
>> @@ -3015,6 +3015,13 @@ __libc_memalign(size_t alignment, size_t bytes)
>>    /* Otherwise, ensure that it is at least a minimum chunk size */
>>    if (alignment <  MINSIZE) alignment = MINSIZE;
>>
>> +  /* Check for overflow.  */
>> +  if (bytes > SIZE_MAX - alignment - MINSIZE)
>> +    {
>> +      __set_errno (ENOMEM);
>> +      return 0;
>> +    }
>> +
>>    arena_get(ar_ptr, bytes + alignment + MINSIZE);
>>    if(!ar_ptr)
>>      return 0;
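
Review bot: the new guard `bytes > SIZE_MAX - alignment - MINSIZE` is itself evaluated in unsigned arithmetic, so when `alignment` is larger than `SIZE_MAX - MINSIZE` the right-hand side wraps around to a large value, the test is false, and the `bytes + alignment + MINSIZE` passed to `arena_get` still overflows. The context shown only raises `alignment` to at least `MINSIZE` and shows no upper bound on it. Suggest rejecting an oversized `alignment` first (for example `alignment > SIZE_MAX - MINSIZE`, with the same `ENOMEM` return), or extending the comment to say where that bound is enforced if it already is. A regression test that calls memalign with a near-`SIZE_MAX` alignment as well as a near-`SIZE_MAX` size would cover both cases.
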
>
> Looks OK to me.

Thanks Siddhesh. I've applied the fixes for pvalloc, valloc and memalign.

These patches should also apply cleanly to 2.18, should I cherry pick
them there too?

Also I am not sure if it is worth allocating a CVE number for these
issues - pvalloc and valloc seem very rarely used but memalign and
posix_memalign are more common.

-- 
Will Newton
Toolchain Working Group, Linaro

