rpm/glibc
SHA256
1
0
Fork 0
forked from pool/glibc
Code Pull Requests Activity
2a7ebdfb1e
glibc/malloc-tcache-check-overflow.patch
Andreas Schwab 3d1d35fa2b Accepting request 556907 from home:Andreas_Schwab:Factory 
- tst-tlsopt-powerpc.patch: fix tst-tlsopt-powerpc (bcn#1070419)
- powerpc-hwcap-bits.patch: Update HWCAP for powerpc (bnc#1070420)
- malloc-tcache-check-overflow.patch: Fix integer overflow in malloc when
  tcache is enabled (CVE-2017-17426, bnc#1071479, BZ #22375)

OBS-URL: https://build.opensuse.org/request/show/556907
OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=487
2017-12-14 10:12:57 +00:00

22 lines
688 B
Diff
Raw Blame History

2017-11-30 Arjun Shankar <arjun@redhat.com>
[BZ #22375]
CVE-2017-17426
* malloc/malloc.c (__libc_malloc): Use checked_request2size
instead of request2size.
Index: glibc-2.26/malloc/malloc.c
===================================================================
--- glibc-2.26.orig/malloc/malloc.c
+++ glibc-2.26/malloc/malloc.c
@@ -3052,7 +3052,8 @@ __libc_malloc (size_t bytes)
return (*hook)(bytes, RETURN_ADDRESS (0));
#if USE_TCACHE
/* int_free also calls request2size, be careful to not pad twice. */
- size_t tbytes = request2size (bytes);
+ size_t tbytes;
+ checked_request2size (bytes, tbytes);
size_t tc_idx = csize2tidx (tbytes);
MAYBE_INIT_TCACHE ();
View Git Blame Copy Permalink