]> git.ipfire.org Git - thirdparty/glibc.git/blobdiff - malloc/hooks.c
projects / thirdparty / glibc.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
malloc: Fix for infinite loop in memalign/posix_memalign.
[thirdparty/glibc.git] / malloc / hooks.c
diff --git a/malloc/hooks.c b/malloc/hooks.c
index 3f663bb6b2e567a4510a3628daae9ee63c5c98be..1dbe93f383bc3a3248bcfb5a086ad842d3f433e1 100644 (file)
--- a/malloc/hooks.c
+++ b/malloc/hooks.c
@@ -361,6 +361,14 @@ memalign_check(size_t alignment, size_t bytes, const void *caller)
   if (alignment <= MALLOC_ALIGNMENT) return malloc_check(bytes, NULL);
   if (alignment <  MINSIZE) alignment = MINSIZE;
 
+  /* If the alignment is greater than SIZE_MAX / 2 + 1 it cannot be a
+     power of 2 and will cause overflow in the check below.  */
+  if (alignment > SIZE_MAX / 2 + 1)
+    {
+      __set_errno (EINVAL);
+      return 0;
+    }
+
   /* Check for overflow.  */
   if (bytes > SIZE_MAX - alignment - MINSIZE)
     {
A mirror of the official glibc repository