| Message ID | 52127630.2060803@linaro.org |
|---|---|
| State | Superseded |
| Headers | show
Return-Path: <patchwork-forward+bncBCXPZFGDUEJBBNPMZGIAKGQEYBPNOFI@linaro.org> X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-qc0-f197.google.com (mail-qc0-f197.google.com [209.85.216.197]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 82B852469E for <linaro@patches.linaro.org>; Mon, 19 Aug 2013 19:47:01 +0000 (UTC) Received: by mail-qc0-f197.google.com with SMTP id s1sf1566433qcw.8 for <linaro@patches.linaro.org>; Mon, 19 Aug 2013 12:47:01 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-gm-message-state:delivered-to:message-id:date:from:user-agent :mime-version:to:cc:subject:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :list-post:list-help:list-archive:list-unsubscribe:content-type :content-transfer-encoding; bh=KT545jYKb0BK/sXeeu0q/LFHZakCFNR8Z69oxQtIfhw=; b=nsRY2DtuqRmOxUAA54s66PduLBehQdV4fE1FVtAwFwuBIwsVyDw3W2/hbKCvT+7Ysf 4ZJUkupf4Bz+L6x/rcM8vDLb4pZN131fknAZJSFoYgIFZX1LDUKSGy4SLQSiLTJ0V3bL PkTfuVeW7ggTS1gVjR+UOvlf/49eeUVOAWrsFP1ZDe4wNgtxwnzcJI2fiNRc53WmUug0 I5v+PvrPQF97KbRrjFjw7p0s/fr8GwowyA+R+jaAqHzvBfHzxn6E+1d2stFkfAr0V8CY TNw8D4XDNj+qnJlfLq8PSDirQMLTssKF+I2Wa6chgAIMZuYgfR1UbQgWFCBZKtQl2lj6 xn1A== X-Received: by 10.236.68.2 with SMTP id k2mr4634575yhd.16.1376941621333; Mon, 19 Aug 2013 12:47:01 -0700 (PDT) X-BeenThere: patchwork-forward@linaro.org Received: by 10.49.4.8 with SMTP id g8ls1873972qeg.67.gmail; Mon, 19 Aug 2013 12:47:01 -0700 (PDT) X-Received: by 10.52.165.45 with SMTP id yv13mr12717918vdb.1.1376941621201; Mon, 19 Aug 2013 12:47:01 -0700 (PDT) Received: from mail-ve0-f175.google.com (mail-ve0-f175.google.com [209.85.128.175]) by mx.google.com with ESMTPS id ix2si2714554vdb.137.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 19 Aug 2013 12:47:01 -0700 (PDT) Received-SPF: neutral (google.com: 209.85.128.175 is neither permitted nor denied by best guess record for domain of patch+caf_=patchwork-forward=linaro.org@linaro.org) client-ip=209.85.128.175; Received: by mail-ve0-f175.google.com with SMTP id oy10so3332398veb.34 for <patchwork-forward@linaro.org>; Mon, 19 Aug 2013 12:47:01 -0700 (PDT) X-Gm-Message-State: ALoCoQm+mrw6e/lTW5TMn7HzCrhgjTBWle7Jyeyx1+Jd639ja8Hf+WMy81wocLv5ACF6QWgaKdtm X-Received: by 10.58.198.13 with SMTP id iy13mr15119394vec.11.1376941621116; Mon, 19 Aug 2013 12:47:01 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patches@linaro.org Received: by 10.220.174.196 with SMTP id u4csp114183vcz; Mon, 19 Aug 2013 12:47:00 -0700 (PDT) X-Received: by 10.14.199.3 with SMTP id w3mr25378216een.33.1376941620141; Mon, 19 Aug 2013 12:47:00 -0700 (PDT) Received: from mail-ea0-f170.google.com (mail-ea0-f170.google.com [209.85.215.170]) by mx.google.com with ESMTPS id z8si11020430eee.353.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 19 Aug 2013 12:47:00 -0700 (PDT) Received-SPF: neutral (google.com: 209.85.215.170 is neither permitted nor denied by best guess record for domain of will.newton@linaro.org) client-ip=209.85.215.170; Received: by mail-ea0-f170.google.com with SMTP id h14so2545821eak.1 for <patches@linaro.org>; Mon, 19 Aug 2013 12:46:59 -0700 (PDT) X-Received: by 10.14.225.199 with SMTP id z47mr25477126eep.24.1376941619626; Mon, 19 Aug 2013 12:46:59 -0700 (PDT) Received: from localhost.localdomain (cpc6-seac21-2-0-cust453.7-2.cable.virginmedia.com. [82.1.113.198]) by mx.google.com with ESMTPSA id p5sm19540921eeg.5.1969.12.31.16.00.00 (version=TLSv1 cipher=RC4-SHA bits=128/128); Mon, 19 Aug 2013 12:46:58 -0700 (PDT) Message-ID: <52127630.2060803@linaro.org> Date: Mon, 19 Aug 2013 20:46:56 +0100 From: Will Newton <will.newton@linaro.org> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130805 Thunderbird/17.0.8 MIME-Version: 1.0 To: libc-alpha@sourceware.org CC: patches@linaro.org Subject: [PATCH 3/7] malloc/malloc.c: Check for integer overflow in memalign. X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: will.newton@linaro.org X-Original-Authentication-Results: mx.google.com; spf=neutral (google.com: 209.85.128.175 is neither permitted nor denied by best guess record for domain of patch+caf_=patchwork-forward=linaro.org@linaro.org) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Precedence: list Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org List-ID: <patchwork-forward.linaro.org> X-Google-Group-Id: 836684582541 List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, <mailto:patchwork-forward@linaro.org> List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, <mailto:patchwork-forward+help@linaro.org> List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/> List-Unsubscribe: <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>, <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit |
diff --git a/malloc/malloc.c b/malloc/malloc.c index 9aecc85..8c1aab8 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -3015,6 +3015,10 @@ __libc_memalign(size_t alignment, size_t bytes) /* Otherwise, ensure that it is at least a minimum chunk size */ if (alignment < MINSIZE) alignment = MINSIZE; + /* Check for overflow. */ + if (bytes + alignment + MINSIZE < bytes) + return 0; + arena_get(ar_ptr, bytes + alignment + MINSIZE); if(!ar_ptr) return 0;
A large bytes parameter to memalign could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-08-16 Will Newton <will.newton@linaro.org> * malloc/malloc.c (__libc_memalign): Check the value of bytes does not overflow. --- malloc/malloc.c | 4 ++++ 1 file changed, 4 insertions(+)