+2007-07-01 Jakub Jelinek <jakub@redhat.com>
+
+ * elf/dl-sysdep.c (_dl_important_hwcaps): Add integer overflow check.
+ * elf/dl-minimal.c (__libc_memalign): Likewise. Handle malloc (0).
+ Return NULL if mmap failed instead of asserting it does not.
+ (calloc): Check for integer overflow.
+
+ * elf/dl-minimal.c (__strtoul_internal): Fix parsing of numbers bigger
+ than LONG_MAX / 10.
+
2007-07-03 Jakub Jelinek <jakub@redhat.com>
[BZ #4702]
alloc_ptr = (void *) 0 + (((alloc_ptr - (void *) 0) + align - 1)
& ~(align - 1));
- if (alloc_ptr + n >= alloc_end)
+ if (alloc_ptr + n >= alloc_end || n >= -(uintptr_t) alloc_ptr)
{
/* Insufficient space left; allocate another page. */
caddr_t page;
size_t nup = (n + GLRO(dl_pagesize) - 1) & ~(GLRO(dl_pagesize) - 1);
+ if (__builtin_expect (nup == 0, 0))
+ {
+ if (n)
+ return NULL;
+ nup = GLRO(dl_pagesize);
+ }
page = __mmap (0, nup, PROT_READ|PROT_WRITE,
MAP_ANON|MAP_PRIVATE, _dl_zerofd, 0);
- assert (page != MAP_FAILED);
+ if (page == MAP_FAILED)
+ return NULL;
if (page != alloc_end)
alloc_ptr = page;
alloc_end = page + nup;
/* New memory from the trivial malloc above is always already cleared.
(We make sure that's true in the rare occasion it might not be,
by clearing memory in free, below.) */
- return malloc (nmemb * size);
+ size_t bytes = nmemb * size;
+
+#define HALF_SIZE_T (((size_t) 1) << (8 * sizeof (size_t) / 2))
+ if (__builtin_expect ((nmemb | size) >= HALF_SIZE_T, 0)
+ && size != 0 && bytes / size != nmemb)
+ return NULL;
+
+ return malloc (bytes);
}
/* This will rarely be called. */
while (*nptr >= '0' && *nptr <= '9')
{
unsigned long int digval = *nptr - '0';
- if (result > LONG_MAX / 10
+ if (result > ULONG_MAX / 10
|| (result == ULONG_MAX / 10 && digval > ULONG_MAX % 10))
{
errno = ERANGE;
/* Operating system support for run-time dynamic linker. Generic Unix version.
- Copyright (C) 1995-1998, 2000-2005, 2006 Free Software Foundation, Inc.
+ Copyright (C) 1995-1998, 2000-2006, 2007 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
total = temp[0].len + 1;
else
{
- total = (1UL << (cnt - 2)) * (temp[0].len + temp[cnt - 1].len + 2);
- for (n = 1; n + 1 < cnt; ++n)
- total += (1UL << (cnt - 3)) * (temp[n].len + 1);
+ total = temp[0].len + temp[cnt - 1].len + 2;
+ if (cnt > 2)
+ {
+ total <<= 1;
+ for (n = 1; n + 1 < cnt; ++n)
+ total += temp[n].len + 1;
+ if (cnt > 3
+ && (cnt >= sizeof (size_t) * 8
+ || total + (sizeof (*result) << 3)
+ >= (1UL << (sizeof (size_t) * 8 - cnt + 3))))
+ _dl_signal_error (ENOMEM, NULL, NULL,
+ N_("Xcannot create capability list"));
+
+ total <<= cnt - 3;
+ }
}
/* The result structure: we use a very compressed way to store the
projects / thirdparty / glibc.git / commitdiff
