2017-08-30 Florian Weimer * malloc/dynarray_emplace_enlarge.c (__libc_dynarray_emplace_enlarge): Set errno on overflow. * malloc/dynarray_resize.c (__libc_dynarray_resize): Likewise. * malloc/tst-dynarray.c (test_long_overflow): New function. (do_test): Call it. 2017-09-06 Florian Weimer * malloc/dynarray_emplace_enlarge.c (__libc_dynarray_emplace_enlarge): Add missing else.
Index: glibc-2.26/malloc/dynarray_emplace_enlarge.c
===================================================================
--- glibc-2.26.orig/malloc/dynarray_emplace_enlarge.c
+++ glibc-2.26/malloc/dynarray_emplace_enlarge.c
@@ -17,6 +17,7 @@
 . */
 #include
+#include
 #include
 #include
 #include
@@ -32,7 +33,7 @@ __libc_dynarray_emplace_enlarge (struct
 size. */
 if (element_size < 4)
 new_allocated = 16;
- if (element_size < 8)
+ else if (element_size < 8)
 new_allocated = 8;
 else
 new_allocated = 4;
@@ -43,8 +44,11 @@ __libc_dynarray_emplace_enlarge (struct
 {
 new_allocated = list->allocated + list->allocated / 2 + 1;
 if (new_allocated <= list->allocated)
- /* Overflow. */
- return false;
+ {
+ /* Overflow. */
+ __set_errno (ENOMEM);
+ return false;
+ }
 }
 size_t new_size;
Index: glibc-2.26/malloc/dynarray_resize.c
===================================================================
--- glibc-2.26.orig/malloc/dynarray_resize.c
+++ glibc-2.26/malloc/dynarray_resize.c
@@ -17,6 +17,7 @@
 . */
 #include
+#include
 #include
 #include
 #include
@@ -38,7 +39,11 @@ __libc_dynarray_resize (struct dynarray_
 size_t new_size_bytes;
 if (check_mul_overflow_size_t (size, element_size, &new_size_bytes))
- return false;
+ {
+ /* Overflow. */
+ __set_errno (ENOMEM);
+ return false;
+ }
 void *new_array;
 if (list->array == scratch)
 {
Index: glibc-2.26/malloc/tst-dynarray.c
===================================================================
--- glibc-2.26.orig/malloc/tst-dynarray.c
+++ glibc-2.26/malloc/tst-dynarray.c
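Review bot: The byte-size computation that presumably follows `size_t new_size;` in `__libc_dynarray_emplace_enlarge` is a second overflow exit that the `@@ -43,8 +44,11 @@` hunk does not touch. The hunk ends on that declaration, so the code is not visible here. If it rejects a `new_allocated * element_size` overflow with a bare `return false;`, as `__libc_dynarray_resize` did before this patch, callers still see a stale errno on that path, and it should get the same `__set_errno (ENOMEM);` before returning. The function body starts and ends outside the hunk.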
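Review bot: The added `/* Overflow. */` comment in the `@@ -38,7 +39,11 @@` hunk of `__libc_dynarray_resize` does not say which quantity overflowed or why ENOMEM is the reported code. I would write `/* size * element_size does not fit in size_t; report it like an allocation failure.  */` instead. The function's header comment is outside the hunk; if it describes the false return, it should also state that errno is ENOMEM for both the overflow and the allocation-failure case, since callers may pass errno on to their own error reporting.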
@@ -18,6 +18,9 @@
 #include "tst-dynarray-shared.h"
+#include
+#include
+
 #define DYNARRAY_STRUCT dynarray_long
 #define DYNARRAY_ELEMENT long
 #define DYNARRAY_PREFIX dynarray_long_
@@ -463,6 +466,31 @@ test_long_init (void)
 }
 }
+/* Test overflow in resize. */
+static void
+test_long_overflow (void)
+{
+ {
+ struct dynarray_long dyn;
+ dynarray_long_init (&dyn);
+ errno = EINVAL;
+ TEST_VERIFY (!dynarray_long_resize
+ (&dyn, (SIZE_MAX / sizeof (long)) + 1));
+ TEST_VERIFY (errno == ENOMEM);
+ TEST_VERIFY (dynarray_long_has_failed (&dyn));
+ }
+
+ {
+ struct dynarray_long_noscratch dyn;
+ dynarray_long_noscratch_init (&dyn);
+ errno = EINVAL;
+ TEST_VERIFY (!dynarray_long_noscratch_resize
+ (&dyn, (SIZE_MAX / sizeof (long)) + 1));
+ TEST_VERIFY (errno == ENOMEM);
+ TEST_VERIFY (dynarray_long_noscratch_has_failed (&dyn));
+ }
+}
+
 /* Test NUL-terminated string construction with the add function and
 the simple finalize function. */
 static void
@@ -538,6 +566,7 @@ do_test (void)
 test_int ();
 test_str ();
 test_long_init ();
+ test_long_overflow ();
 test_zstr ();
 return 0;
 }
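Review bot: `test_long_overflow` covers only the `resize` entry points, so the `__set_errno (ENOMEM)` added to the growth-overflow branch of `__libc_dynarray_emplace_enlarge` in this same patch is not exercised by any test shown here. That branch needs `allocated` to be close to SIZE_MAX, which the normal add/emplace calls can probably not produce; if it is left untested on purpose, the comment should say so, for example `/* Test overflow in resize.  The growth overflow in emplace is not reachable from here and is not covered.  */`. It would also help to note why errno is preset, e.g. `/* Preset errno so the ENOMEM check proves the callee stored it.  */` above each `errno = EINVAL;`.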