diff options
| author | Will Newton <will.newton@linaro.org> | 2013-10-10 13:17:13 +0100 |
|---|---|---|
| committer | Will Newton <will.newton@linaro.org> | 2013-10-30 14:46:02 -0700 |
| commit | a56ee40b176d0a3f47f2a7eb75208f2e3763c9fd (patch) | |
| tree | 02a3f3bc0c86de86bc89f185a8312b9b1a03670d /malloc/tst-posix_memalign.c | |
| parent | c6e4925d4069d38843c02994ffd284e8c87c8929 (diff) | |
| download | glibc-a56ee40b176d0a3f47f2a7eb75208f2e3763c9fd.tar.gz glibc-a56ee40b176d0a3f47f2a7eb75208f2e3763c9fd.tar.xz glibc-a56ee40b176d0a3f47f2a7eb75208f2e3763c9fd.zip | |
malloc: Fix for infinite loop in memalign/posix_memalign.
A very large alignment argument passed to mealign/posix_memalign causes _int_memalign to enter an infinite loop. Limit the maximum alignment value to the maximum representable power of two to prevent this from happening. Changelog: 2013-10-30 Will Newton <will.newton@linaro.org> [BZ #16038] * malloc/hooks.c (memalign_check): Limit alignment to the maximum representable power of two. * malloc/malloc.c (__libc_memalign): Likewise. * malloc/tst-memalign.c (do_test): Add test for very large alignment values. * malloc/tst-posix_memalign.c (do_test): Likewise.
Diffstat (limited to 'malloc/tst-posix_memalign.c')
| -rw-r--r-- | malloc/tst-posix_memalign.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/malloc/tst-posix_memalign.c b/malloc/tst-posix_memalign.c index 27c0dd2bd4..7f34e37bd2 100644 --- a/malloc/tst-posix_memalign.c +++ b/malloc/tst-posix_memalign.c @@ -65,6 +65,16 @@ do_test (void) p = NULL; + /* Test to expose integer overflow in malloc internals from BZ #16038. */ + ret = posix_memalign (&p, -1, pagesize); + + if (ret != EINVAL) + merror ("posix_memalign (&p, -1, pagesize) succeeded."); + + free (p); + + p = NULL; + /* A zero-sized allocation should succeed with glibc, returning zero and setting p to a non-NULL value. */ ret = posix_memalign (&p, sizeof (void *), 0); |