summary refs log tree commit diff
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>2002-08-02 01:27:46 +0000
committerUlrich Drepper <drepper@redhat.com>2002-08-02 01:27:46 +0000
commit0950889b810736fe7ad340a13a5ecf76672e1a84 (patch)
tree8c30d88ef6a56aaac152ed2c3fb28375bcbd7b0a
parentd7e1ad053b0d742f4f9c632dc0c5feb8315a5b90 (diff)
downloadglibc-0950889b810736fe7ad340a13a5ecf76672e1a84.tar.gz
glibc-0950889b810736fe7ad340a13a5ecf76672e1a84.tar.xz
glibc-0950889b810736fe7ad340a13a5ecf76672e1a84.zip
(public_cALLOc): Check for overflow on multiplication.
-rw-r--r--linuxthreads/sysdeps/i386/pspinlock.c8
-rw-r--r--malloc/malloc.c16
-rw-r--r--sysdeps/unix/sysv/linux/kernel-features.h8
3 files changed, 25 insertions, 7 deletions
diff --git a/linuxthreads/sysdeps/i386/pspinlock.c b/linuxthreads/sysdeps/i386/pspinlock.c
index 5d242388aa..bd7c55b2f4 100644
--- a/linuxthreads/sysdeps/i386/pspinlock.c
+++ b/linuxthreads/sysdeps/i386/pspinlock.c
@@ -1,5 +1,5 @@
 /* POSIX spinlock implementation.  x86 version.
-   Copyright (C) 2000 Free Software Foundation, Inc.
+   Copyright (C) 2000, 2002 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -20,6 +20,8 @@
 #include <errno.h>
 #include <pthread.h>
 #include "internals.h"
+#include "kernel-features.h"
+
 
 /* This implementation is similar to the one used in the Linux kernel.
    But the kernel is byte instructions for the memory access.  This is
@@ -95,3 +97,7 @@ __pthread_spin_destroy (pthread_spinlock_t *lock)
   return 0;
 }
 weak_alias (__pthread_spin_destroy, pthread_spin_destroy)
+
+#ifndef __ASSUME_SET_THREAD_AREA_SYSCALL
+int __have_no_set_thread_area;
+#endif
diff --git a/malloc/malloc.c b/malloc/malloc.c
index cee3f322a0..cd40626504 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3452,16 +3452,23 @@ public_cALLOc(size_t n, size_t elem_size)
 {
   mstate av;
   mchunkptr oldtop, p;
-  INTERNAL_SIZE_T sz, csz, oldtopsize;
+  INTERNAL_SIZE_T bytes, sz, csz, oldtopsize;
   Void_t* mem;
   unsigned long clearsize;
   unsigned long nclears;
   INTERNAL_SIZE_T* d;
-
   __malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, __const __malloc_ptr_t)) =
     __malloc_hook;
+
+  /* size_t is unsigned so the behavior on overflow is defined.  */
+  bytes = n * elem_size;
+  if (bytes / elem_size != n) {
+    MALLOC_FAILURE_ACTION;
+    return 0;
+  }
+
   if (hook != NULL) {
-    sz = n * elem_size;
+    sz = bytes;
     mem = (*hook)(sz, RETURN_ADDRESS (0));
     if(mem == 0)
       return 0;
@@ -3473,8 +3480,7 @@ public_cALLOc(size_t n, size_t elem_size)
 #endif
   }
 
-  /* FIXME: check for overflow on multiplication.  */
-  sz = n * elem_size;
+  sz = bytes;
 
   arena_get(av, sz);
   if(!av)
diff --git a/sysdeps/unix/sysv/linux/kernel-features.h b/sysdeps/unix/sysv/linux/kernel-features.h
index 927701a662..3653f73618 100644
--- a/sysdeps/unix/sysv/linux/kernel-features.h
+++ b/sysdeps/unix/sysv/linux/kernel-features.h
@@ -1,6 +1,6 @@
 /* Set flags signalling availability of kernel features based on given
    kernel version number.
-   Copyright (C) 1999, 2000, 2001 Free Software Foundation, Inc.
+   Copyright (C) 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -184,6 +184,12 @@
 # define __ASSUME_MMAP2_SYSCALL		1
 #endif
 
+/* On x86, the set_thread_area syscall was introduced in 2.5.29, but its
+   semantics was changed in 2.5.30.  */
+#if __LINUX_KERNEL_VERSION >= 132382 && defined __i386__
+# define __ASSUME_SET_THREAD_AREA_SYSCALL	1
+#endif
+
 /* There are an infinite number of PA-RISC kernel versions numbered
    2.4.0.  But they've not really been released as such.  We require
    and expect the final version here.  */