1d2596af6f
- fix for malloc()/calloc() overflows (CVE-2012-2673, bnc#765444) OBS-URL: https://build.opensuse.org/request/show/130342 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/gc?expand=0&rev=18
40 lines
1.0 KiB
Diff
40 lines
1.0 KiB
Diff
From 6a93f8e5bcad22137f41b6c60a1c7384baaec2b3 Mon Sep 17 00:00:00 2001
|
|
From: Ivan Maidanski <ivmai@mail.ru>
|
|
Date: Thu, 15 Mar 2012 20:30:11 +0400
|
|
Subject: [PATCH] Fix calloc-related code to prevent SIZE_MAX redefinition in
|
|
sys headers
|
|
|
|
* malloc.c: Include limits.h for SIZE_MAX.
|
|
* malloc.c (SIZE_MAX, calloc): Define GC_SIZE_MAX instead of SIZE_MAX.
|
|
---
|
|
malloc.c | 10 +++++++---
|
|
1 files changed, 7 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/malloc.c b/malloc.c
|
|
index 899d6ff..cb49a5c 100644
|
|
--- a/malloc.c
|
|
+++ b/malloc.c
|
|
@@ -374,12 +374,16 @@ void * malloc(size_t lb)
|
|
}
|
|
#endif /* GC_LINUX_THREADS */
|
|
|
|
-#ifndef SIZE_MAX
|
|
-#define SIZE_MAX (~(size_t)0)
|
|
+#include <limits.h>
|
|
+#ifdef SIZE_MAX
|
|
+# define GC_SIZE_MAX SIZE_MAX
|
|
+#else
|
|
+# define GC_SIZE_MAX (~(size_t)0)
|
|
#endif
|
|
+
|
|
void * calloc(size_t n, size_t lb)
|
|
{
|
|
- if (lb && n > SIZE_MAX / lb)
|
|
+ if (lb && n > GC_SIZE_MAX / lb)
|
|
return NULL;
|
|
# if defined(GC_LINUX_THREADS) /* && !defined(USE_PROC_FOR_LIBRARIES) */
|
|
/* libpthread allocated some memory that is only pointed to by */
|
|
--
|
|
1.7.7
|
|
|