about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--NEWS1
-rw-r--r--gmon/gmon.c4
2 files changed, 4 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 715316afe3..40b901a89d 100644
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,7 @@ Security related changes:
 
 The following bugs are resolved with this release:
 
+  [29444] gmon: Fix allocated buffer overflow (bug 29444)
   [30053] time: strftime %s returns -1 after 2038 on 32 bits systems
   [30125] dynamic-link: [regression, bisected] glibc-2.37 creates new
     symlink for libraries without soname
diff --git a/gmon/gmon.c b/gmon/gmon.c
index dee64803ad..bf76358d5b 100644
--- a/gmon/gmon.c
+++ b/gmon/gmon.c
@@ -132,6 +132,8 @@ __monstartup (u_long lowpc, u_long highpc)
   p->lowpc = ROUNDDOWN(lowpc, HISTFRACTION * sizeof(HISTCOUNTER));
   p->highpc = ROUNDUP(highpc, HISTFRACTION * sizeof(HISTCOUNTER));
   p->textsize = p->highpc - p->lowpc;
+  /* This looks like a typo, but it's here to align the p->froms
+     section.  */
   p->kcountsize = ROUNDUP(p->textsize / HISTFRACTION, sizeof(*p->froms));
   p->hashfraction = HASHFRACTION;
   p->log_hashfraction = -1;
@@ -142,7 +144,7 @@ __monstartup (u_long lowpc, u_long highpc)
 	 instead of integer division.  Precompute shift amount. */
       p->log_hashfraction = ffs(p->hashfraction * sizeof(*p->froms)) - 1;
   }
-  p->fromssize = p->textsize / HASHFRACTION;
+  p->fromssize = ROUNDUP(p->textsize / HASHFRACTION, sizeof(*p->froms));
   p->tolimit = p->textsize * ARCDENSITY / 100;
   if (p->tolimit < MINARCS)
     p->tolimit = MINARCS;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-30 09:59:55 +0000