| commit | 015d5b8c1a75b551f7f0215543fac01d55abfc0f | |
| author | Yann Sionneau <yann@sionneau.net> | |
| Sun, 20 Dec 2020 18:15:14 +0000 (20 19:15 +0100) | ||
| committer | Waldemar Brodkorb <wbx@openadk.org> | |
| Wed, 23 Dec 2020 12:39:37 +0000 (23 13:39 +0100) | ||
| tree | 3e05dba60292a9fd46c9eacdec99a7c7d8a2442f | treesnapshot (tar.gz zip) |
| parent | 6993d9378224489b49325bd1fb962f0e8bb935f1 | commitdiff |
stdlib: fix potential UB and integer overflow with huge allocations using malloc-simple allocator
Two things are fixed by this commit:
1/ It is wrong to allocate an object of size > PTRDIFF_MAX.
It is explained in this thread: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63303
2/ There was a possible integer overflow in both malloc() and memalign() implementations
of stdlib/malloc-simple.
The malloc() integer overflow issue is fixed by the side effect of fixing the PTRDIFF_MAX issue.
The memalign() one is fixed by adding a comparison.
Signed-off-by: Yann Sionneau <yann@sionneau.net>
Two things are fixed by this commit:
1/ It is wrong to allocate an object of size > PTRDIFF_MAX.
It is explained in this thread: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63303
2/ There was a possible integer overflow in both malloc() and memalign() implementations
of stdlib/malloc-simple.
The malloc() integer overflow issue is fixed by the side effect of fixing the PTRDIFF_MAX issue.
The memalign() one is fixed by adding a comparison.
Signed-off-by: Yann Sionneau <yann@sionneau.net>
| libc/stdlib/malloc-simple/alloc.c | diffblobblamehistory |