diff --git a/newlib/ChangeLog b/newlib/ChangeLog index 8136a77d4..727d31af0 100644 --- a/newlib/ChangeLog +++ b/newlib/ChangeLog @@ -1,3 +1,8 @@ +2003-08-19 Jeff Johnston + + * libc/stdlib/mallocr.c (mALLOc, rEALLOc, mEMEALIGn): Enhance + overflow detection. + 2003-08-13 Aldy Hernandez * libc/machine/powerpc/machine/stdlib.h: Wrap SPE functions in diff --git a/newlib/libc/stdlib/mallocr.c b/newlib/libc/stdlib/mallocr.c index 5e104579e..08a3b00fd 100644 --- a/newlib/libc/stdlib/mallocr.c +++ b/newlib/libc/stdlib/mallocr.c @@ -2334,7 +2334,7 @@ Void_t* mALLOc(RARG bytes) RDECL size_t bytes; INTERNAL_SIZE_T nb = request2size(bytes); /* padded request size; */ /* Check for overflow and just fail, if so. */ - if (nb > INT_MAX) + if (nb > INT_MAX || nb < bytes) return 0; MALLOC_LOCK; @@ -2797,7 +2797,7 @@ Void_t* rEALLOc(RARG oldmem, bytes) RDECL Void_t* oldmem; size_t bytes; nb = request2size(bytes); /* Check for overflow and just fail, if so. */ - if (nb > INT_MAX) + if (nb > INT_MAX || nb < bytes) return 0; #if HAVE_MMAP @@ -3028,6 +3028,11 @@ Void_t* mEMALIGn(RARG alignment, bytes) RDECL size_t alignment; size_t bytes; /* Call malloc with worst case padding to hit alignment. */ nb = request2size(bytes); + + /* Check for overflow. */ + if (nb > INT_MAX || nb < bytes) + return 0; + m = (char*)(mALLOc(RCALL nb + alignment + MINSIZE)); if (m == 0) return 0; /* propagate failure */