about summary refs log tree commit diff
path: root/malloc/tst-posix_memalign.c
diff options
context:
space:
mode:
authorWill Newton <will.newton@linaro.org>2013-10-10 13:17:13 +0100
committerWill Newton <will.newton@linaro.org>2013-10-30 14:46:02 -0700
commita56ee40b176d0a3f47f2a7eb75208f2e3763c9fd (patch)
tree02a3f3bc0c86de86bc89f185a8312b9b1a03670d /malloc/tst-posix_memalign.c
parentc6e4925d4069d38843c02994ffd284e8c87c8929 (diff)
downloadglibc-a56ee40b176d0a3f47f2a7eb75208f2e3763c9fd.tar.gz
glibc-a56ee40b176d0a3f47f2a7eb75208f2e3763c9fd.tar.xz
glibc-a56ee40b176d0a3f47f2a7eb75208f2e3763c9fd.zip
malloc: Fix for infinite loop in memalign/posix_memalign.
A very large alignment argument passed to mealign/posix_memalign
causes _int_memalign to enter an infinite loop. Limit the maximum
alignment value to the maximum representable power of two to
prevent this from happening.

Changelog:

2013-10-30  Will Newton  <will.newton@linaro.org>

	[BZ #16038]
	* malloc/hooks.c (memalign_check): Limit alignment to the
	maximum representable power of two.
	* malloc/malloc.c (__libc_memalign): Likewise.
	* malloc/tst-memalign.c (do_test): Add test for very
	large alignment values.
	* malloc/tst-posix_memalign.c (do_test): Likewise.
Diffstat (limited to 'malloc/tst-posix_memalign.c')
-rw-r--r--malloc/tst-posix_memalign.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/malloc/tst-posix_memalign.c b/malloc/tst-posix_memalign.c
index 27c0dd2bd4..7f34e37bd2 100644
--- a/malloc/tst-posix_memalign.c
+++ b/malloc/tst-posix_memalign.c
@@ -65,6 +65,16 @@ do_test (void)
 
   p = NULL;
 
+  /* Test to expose integer overflow in malloc internals from BZ #16038.  */
+  ret = posix_memalign (&p, -1, pagesize);
+
+  if (ret != EINVAL)
+    merror ("posix_memalign (&p, -1, pagesize) succeeded.");
+
+  free (p);
+
+  p = NULL;
+
   /* A zero-sized allocation should succeed with glibc, returning zero
      and setting p to a non-NULL value.  */
   ret = posix_memalign (&p, sizeof (void *), 0);