pool/gc
SHA256
4
0
Fork 2
Code Pull Requests Activity
gc/0001-Fix-calloc-overflow.patch

33 lines
917 B
Diff
Raw Normal View History

Accepting request 130342 from home:uli_suse:branches:devel:libraries:c_c++ - fix for malloc()/calloc() overflows (CVE-2012-2673, bnc#765444) OBS-URL: https://build.opensuse.org/request/show/130342 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/gc?expand=0&rev=18
2012-08-07 19:22:16 +00:00
From e10c1eb9908c2774c16b3148b30d2f3823d66a9a Mon Sep 17 00:00:00 2001
From: Xi Wang <xi.wang@gmail.com>
Date: Thu, 15 Mar 2012 04:46:49 +0800
Subject: [PATCH] Fix calloc() overflow
* malloc.c (calloc): Check multiplication overflow in calloc(),
assuming REDIRECT_MALLOC.
---
malloc.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/malloc.c b/malloc.c
index da68f13..cc0cc00 100644
--- a/malloc.c
+++ b/malloc.c
@@ -372,8 +372,13 @@ void * malloc(size_t lb)
}
#endif /* GC_LINUX_THREADS */
+#ifndef SIZE_MAX
+#define SIZE_MAX (~(size_t)0)
+#endif
void * calloc(size_t n, size_t lb)
{
+ if (lb && n > SIZE_MAX / lb)
+ return NULL;
# if defined(GC_LINUX_THREADS) /* && !defined(USE_PROC_FOR_LIBRARIES) */
/* libpthread allocated some memory that is only pointed to by */
/* mmapped thread stacks. Make sure it's not collectable. */
--
1.7.7
Copy Permalink