This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug malloc/19449] New: malloc.c fastbin_index(),smallbin_index() type conversion error

From: "scwuaptx at gmail dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Tue, 12 Jan 2016 18:53:09 +0000
Subject: [Bug malloc/19449] New: malloc.c fastbin_index(),smallbin_index() type conversion error
Auto-submitted: auto-generated

https://sourceware.org/bugzilla/show_bug.cgi?id=19449

            Bug ID: 19449
           Summary: malloc.c fastbin_index(),smallbin_index() type
                    conversion error
           Product: glibc
           Version: 2.22
            Status: NEW
          Severity: normal
          Priority: P2
         Component: malloc
          Assignee: unassigned at sourceware dot org
          Reporter: scwuaptx at gmail dot com
  Target Milestone: ---

malloc.c

In the fastbin_index() :
      #define fastbin_index(sz) \
     ((((unsigned int) (sz)) >> (SIZE_SZ == 8 ? 4 : 3)) - 2)
In the smallbin_index() :
      #define smallbin_index(sz) \
      ((SMALLBIN_WIDTH == 16 ? (((unsigned) (sz)) >> 4) : (((unsigned) (sz)) >>
3))\
       + SMALLBIN_CORRECTION)

It be used to calculate the index of bin,the "sz" should be "unsigned long". 
I think that it will lead to some checks become weakness.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Follow-Ups:
- [Bug malloc/19449] malloc.c fastbin_index(),smallbin_index() type conversion error
  - From: schwab at linux-m68k dot org
- [Bug malloc/19449] malloc.c fastbin_index(),smallbin_index() type conversion error
  - From: scwuaptx at gmail dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]