[ipfire-2.x.git] / src / patches / glibc / glibc-rh1008310.patch

diff -Nrup a/malloc/malloc.c b/malloc/malloc.c
--- a/malloc/malloc.c	2013-09-23 17:08:33.698331221 -0400
+++ b/malloc/malloc.c	2013-09-23 21:04:25.901270645 -0400
@@ -3879,6 +3879,13 @@ public_mEMALIGn(size_t alignment, size_t
   /* Otherwise, ensure that it is at least a minimum chunk size */
   if (alignment <  MINSIZE) alignment = MINSIZE;
 
+  /* Check for overflow.  */
+  if (bytes > SIZE_MAX - alignment - MINSIZE)
+    {
+      __set_errno (ENOMEM);
+      return 0;
+    }
+
   arena_get(ar_ptr, bytes + alignment + MINSIZE);
   if(!ar_ptr)
     return 0;
@@ -3924,6 +3931,13 @@ public_vALLOc(size_t bytes)
 
   size_t pagesz = mp_.pagesize;
 
+  /* Check for overflow.  */
+  if (bytes > SIZE_MAX - pagesz - MINSIZE)
+    {
+      __set_errno (ENOMEM);
+      return 0;
+    }
+
   __malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t,
 					__const __malloc_ptr_t)) =
     force_reg (__memalign_hook);
@@ -3975,6 +3989,13 @@ public_pVALLOc(size_t bytes)
   size_t page_mask = mp_.pagesize - 1;
   size_t rounded_bytes = (bytes + page_mask) & ~(page_mask);
 
+  /* Check for overflow.  */
+  if (bytes > SIZE_MAX - 2*pagesz - MINSIZE)
+    {
+      __set_errno (ENOMEM);
+      return 0;
+    }
+
   __malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t,
 					__const __malloc_ptr_t)) =
     force_reg (__memalign_hook);
Commit	Line	Data
bd76bcb8 MT	1	diff -Nrup a/malloc/malloc.c b/malloc/malloc.c
	2	--- a/malloc/malloc.c 2013-09-23 17:08:33.698331221 -0400
	3	+++ b/malloc/malloc.c 2013-09-23 21:04:25.901270645 -0400
	4	@@ -3879,6 +3879,13 @@ public_mEMALIGn(size_t alignment, size_t
	5	/* Otherwise, ensure that it is at least a minimum chunk size */
	6	if (alignment < MINSIZE) alignment = MINSIZE;
	7
	8	+ /* Check for overflow. */
	9	+ if (bytes > SIZE_MAX - alignment - MINSIZE)
	10	+ {
	11	+ __set_errno (ENOMEM);
	12	+ return 0;
	13	+ }
	14	+
	15	arena_get(ar_ptr, bytes + alignment + MINSIZE);
	16	if(!ar_ptr)
	17	return 0;
	18	@@ -3924,6 +3931,13 @@ public_vALLOc(size_t bytes)
	19
	20	size_t pagesz = mp_.pagesize;
	21
	22	+ /* Check for overflow. */
	23	+ if (bytes > SIZE_MAX - pagesz - MINSIZE)
	24	+ {
	25	+ __set_errno (ENOMEM);
	26	+ return 0;
	27	+ }
	28	+
	29	__malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t,
	30	__const __malloc_ptr_t)) =
	31	force_reg (__memalign_hook);
	32	@@ -3975,6 +3989,13 @@ public_pVALLOc(size_t bytes)
	33	size_t page_mask = mp_.pagesize - 1;
	34	size_t rounded_bytes = (bytes + page_mask) & ~(page_mask);
	35
	36	+ /* Check for overflow. */
	37	+ if (bytes > SIZE_MAX - 2*pagesz - MINSIZE)
	38	+ {
	39	+ __set_errno (ENOMEM);
	40	+ return 0;
	41	+ }
	42	+
	43	__malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t,
	44	__const __malloc_ptr_t)) =
	45	force_reg (__memalign_hook);