1d2596af6f
- fix for malloc()/calloc() overflows (CVE-2012-2673, bnc#765444) OBS-URL: https://build.opensuse.org/request/show/130342 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/gc?expand=0&rev=18
33 lines
917 B
Diff
33 lines
917 B
Diff
From e10c1eb9908c2774c16b3148b30d2f3823d66a9a Mon Sep 17 00:00:00 2001
|
|
From: Xi Wang <xi.wang@gmail.com>
|
|
Date: Thu, 15 Mar 2012 04:46:49 +0800
|
|
Subject: [PATCH] Fix calloc() overflow
|
|
|
|
* malloc.c (calloc): Check multiplication overflow in calloc(),
|
|
assuming REDIRECT_MALLOC.
|
|
---
|
|
malloc.c | 5 +++++
|
|
1 files changed, 5 insertions(+), 0 deletions(-)
|
|
|
|
diff --git a/malloc.c b/malloc.c
|
|
index da68f13..cc0cc00 100644
|
|
--- a/malloc.c
|
|
+++ b/malloc.c
|
|
@@ -372,8 +372,13 @@ void * malloc(size_t lb)
|
|
}
|
|
#endif /* GC_LINUX_THREADS */
|
|
|
|
+#ifndef SIZE_MAX
|
|
+#define SIZE_MAX (~(size_t)0)
|
|
+#endif
|
|
void * calloc(size_t n, size_t lb)
|
|
{
|
|
+ if (lb && n > SIZE_MAX / lb)
|
|
+ return NULL;
|
|
# if defined(GC_LINUX_THREADS) /* && !defined(USE_PROC_FOR_LIBRARIES) */
|
|
/* libpthread allocated some memory that is only pointed to by */
|
|
/* mmapped thread stacks. Make sure it's not collectable. */
|
|
--
|
|
1.7.7
|
|
|