diff options
author | Ulrich Drepper <drepper@gmail.com> | 2010-10-03 22:27:21 -0400 |
---|---|---|
committer | Ulrich Drepper <drepper@gmail.com> | 2010-10-03 22:27:21 -0400 |
commit | 3b11189345d0080527a76e3bf867da395a1b0261 (patch) | |
tree | 32445ea78afdb52b043d9c9ffa74a3c1d48b1454 | |
parent | 45db99c7d03e497a3320907e722270fb7ee852f3 (diff) | |
download | glibc-3b11189345d0080527a76e3bf867da395a1b0261.tar.gz glibc-3b11189345d0080527a76e3bf867da395a1b0261.tar.xz glibc-3b11189345d0080527a76e3bf867da395a1b0261.zip |
Handle large requests.
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | malloc/mcheck.c | 22 |
2 files changed, 24 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog index c0c1600af9..faf2befa24 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,8 @@ 2010-10-03 Ulrich Drepper <drepper@gmail.com> + [BZ #12005] + * malloc/mcheck.c: Handle large requests. + [BZ #12077] * sysdeps/x86_64/strcmp.S: Fix handling of remaining bytes in buffer for strncmp and strncasecmp. diff --git a/malloc/mcheck.c b/malloc/mcheck.c index 524acc755c..e2eb83f41d 100644 --- a/malloc/mcheck.c +++ b/malloc/mcheck.c @@ -1,5 +1,6 @@ /* Standard debugging hooks for `malloc'. - Copyright (C) 1990-1997,1999,2000-2002,2007 Free Software Foundation, Inc. + Copyright (C) 1990-1997,1999,2000-2002,2007,2010 + Free Software Foundation, Inc. This file is part of the GNU C Library. Written May 1989 by Mike Haertel. @@ -25,6 +26,7 @@ # include <stdint.h> # include <stdio.h> # include <libintl.h> +# include <errno.h> #endif /* Old hook values. */ @@ -209,6 +211,12 @@ mallochook (__malloc_size_t size, const __ptr_t caller) if (pedantic) mcheck_check_all (); + if (size > ~((size_t) 0) - (sizeof (struct hdr) + 1)) + { + __set_errno (ENOMEM); + return NULL; + } + __malloc_hook = old_malloc_hook; if (old_malloc_hook != NULL) hdr = (struct hdr *) (*old_malloc_hook) (sizeof (struct hdr) + size + 1, @@ -241,6 +249,12 @@ memalignhook (__malloc_size_t alignment, __malloc_size_t size, slop = (sizeof *hdr + alignment - 1) & -alignment; + if (size > ~((size_t) 0) - (slop + 1)) + { + __set_errno (ENOMEM); + return NULL; + } + __memalign_hook = old_memalign_hook; if (old_memalign_hook != NULL) block = (*old_memalign_hook) (alignment, slop + size + 1, caller); @@ -276,6 +290,12 @@ reallochook (__ptr_t ptr, __malloc_size_t size, const __ptr_t caller) if (pedantic) mcheck_check_all (); + if (size > ~((size_t) 0) - (sizeof (struct hdr) + 1)) + { + __set_errno (ENOMEM); + return NULL; + } + if (ptr) { hdr = ((struct hdr *) ptr) - 1; |