2003-08-19 Jeff Johnston <jjohnstn@redhat.com>

* libc/stdlib/mallocr.c (mALLOc, rEALLOc, mEMEALIGn): Enhance overflow detection.
author: Jeff Johnston <jjohnstn@redhat.com> 2003-08-19 22:09:54 +0400
committer: Jeff Johnston <jjohnstn@redhat.com> 2003-08-19 22:09:54 +0400
commit: 8f0211142c47ce7d96d99ada5c673cbb056bad22 (patch)
tree: 1123232259f0ed4e9111c846d7dd3025d9ebf780 /newlib/libc/stdlib
parent: b16bb18af4f68f701c2394f170a7f4dc60bdddec (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/newlib/libc/stdlib/mallocr.c b/newlib/libc/stdlib/mallocr.c
index 5e104579e..08a3b00fd 100644
--- a/newlib/libc/stdlib/mallocr.c
+++ b/newlib/libc/stdlib/mallocr.c
@@ -2334,7 +2334,7 @@ Void_t* mALLOc(RARG bytes) RDECL size_t bytes;
   INTERNAL_SIZE_T nb  = request2size(bytes);  /* padded request size; */
 
   /* Check for overflow and just fail, if so. */
-  if (nb > INT_MAX)
+  if (nb > INT_MAX || nb < bytes)
     return 0;
 
   MALLOC_LOCK;
@@ -2797,7 +2797,7 @@ Void_t* rEALLOc(RARG oldmem, bytes) RDECL Void_t* oldmem; size_t bytes;
   nb = request2size(bytes);
 
   /* Check for overflow and just fail, if so. */
-  if (nb > INT_MAX)
+  if (nb > INT_MAX || nb < bytes)
     return 0;
 
 #if HAVE_MMAP
@@ -3028,6 +3028,11 @@ Void_t* mEMALIGn(RARG alignment, bytes) RDECL size_t alignment; size_t bytes;
   /* Call malloc with worst case padding to hit alignment. */
 
   nb = request2size(bytes);
+
+  /* Check for overflow. */
+  if (nb > INT_MAX || nb < bytes)
+    return 0;
+
   m  = (char*)(mALLOc(RCALL nb + alignment + MINSIZE));
 
   if (m == 0) return 0; /* propagate failure */
author	Jeff Johnston <jjohnstn@redhat.com>	2003-08-19 22:09:54 +0400
committer	Jeff Johnston <jjohnstn@redhat.com>	2003-08-19 22:09:54 +0400
commit	8f0211142c47ce7d96d99ada5c673cbb056bad22 (patch)
tree	1123232259f0ed4e9111c846d7dd3025d9ebf780 /newlib/libc/stdlib
parent	b16bb18af4f68f701c2394f170a7f4dc60bdddec (diff)