2017-11-30 Arjun Shankar [BZ #22375] CVE-2017-17426 * malloc/malloc.c (__libc_malloc): Use checked_request2size instead of request2size.
Index: glibc-2.26/malloc/malloc.c
===================================================================
--- glibc-2.26.orig/malloc/malloc.c
+++ glibc-2.26/malloc/malloc.c
@@ -3052,7 +3052,8 @@ __libc_malloc (size_t bytes)
 return (*hook)(bytes, RETURN_ADDRESS (0));
 #if USE_TCACHE
 /* int_free also calls request2size, be careful to not pad twice. */
- size_t tbytes = request2size (bytes);
+ size_t tbytes;
+ checked_request2size (bytes, tbytes);
 size_t tc_idx = csize2tidx (tbytes);
 MAYBE_INIT_TCACHE ();
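Review bot: The added `checked_request2size (bytes, tbytes);` line hides an early exit. As defined elsewhere in malloc.c (outside this hunk), the macro sets errno to ENOMEM and returns 0 from __libc_malloc when the request is out of range, so `tbytes` is assigned only on the success path. That control flow is invisible at the call site and is the substance of the CVE-2017-17426 fix, so I would extend the existing comment, e.g. `/* checked_request2size fails the call with ENOMEM when BYTES is too large to pad; an overflowed tbytes would otherwise select a tcache bin far smaller than the request.  */`. No regression test is visible in this patch; one that requests sizes just below SIZE_MAX with tcache enabled and expects NULL with errno == ENOMEM would guard against the unchecked conversion coming back. The body of __libc_malloc starts and ends outside the hunk.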