1 diff -Nrup a/malloc/malloc.c b/malloc/malloc.c
2 --- a/malloc/malloc.c 2013-09-23 17:08:33.698331221 -0400
3 +++ b/malloc/malloc.c 2013-09-23 21:04:25.901270645 -0400
4 @@ -3879,6 +3879,13 @@ public_mEMALIGn(size_t alignment, size_t
5 /* Otherwise, ensure that it is at least a minimum chunk size */
6 if (alignment < MINSIZE) alignment = MINSIZE;
8 + /* Check for overflow. */
9 + if (bytes > SIZE_MAX - alignment - MINSIZE)
11 + __set_errno (ENOMEM);
15 arena_get(ar_ptr, bytes + alignment + MINSIZE);
18 @@ -3924,6 +3931,13 @@ public_vALLOc(size_t bytes)
20 size_t pagesz = mp_.pagesize;
22 + /* Check for overflow. */
23 + if (bytes > SIZE_MAX - pagesz - MINSIZE)
25 + __set_errno (ENOMEM);
29 __malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t,
30 __const __malloc_ptr_t)) =
31 force_reg (__memalign_hook);
32 @@ -3975,6 +3989,13 @@ public_pVALLOc(size_t bytes)
33 size_t page_mask = mp_.pagesize - 1;
34 size_t rounded_bytes = (bytes + page_mask) & ~(page_mask);
36 + /* Check for overflow. */
37 + if (bytes > SIZE_MAX - 2*pagesz - MINSIZE)
39 + __set_errno (ENOMEM);
43 __malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t,
44 __const __malloc_ptr_t)) =
45 force_reg (__memalign_hook);