Check for overflow in jemalloc_shim
authorTony Finch <fanf@isc.org>
Tue, 6 Jun 2023 14:20:44 +0000 (15:20 +0100)
committerOndřej Surý <ondrej@isc.org>
Tue, 27 Jun 2023 10:38:09 +0000 (12:38 +0200)
When compiled using a malloc that lacks an equivalent to sallocx(),
the jemalloc_shim adds a size prefix to each allocation. We must check
that this does not overflow.

Closes #4121

lib/isc/jemalloc_shim.h

index 0edb09267d9881c2ac4fc25d7efa72a8d08924b1..94df92418b560dc7b083e0d949d6efe98a7823c9 100644 (file)
@@ -118,7 +118,8 @@ static inline void *
 mallocx(size_t size, int flags) {
        void *ptr = NULL;
 
-       size_info *si = malloc(size + sizeof(*si));
+       size_t bytes = ISC_CHECKED_ADD(size, sizeof(size_info));
+       size_info *si = malloc(bytes);
        INSIST(si != NULL);
 
        si->size = size;
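Review bot: The overflow guard on the `bytes` computation covers only `mallocx` in this hunk, while the commit message says the size prefix is added to each allocation; any other wrapper in this shim that still computes `size + sizeof(*si)` directly (a realloc path, if one exists outside this hunk) would keep the wrap-around and should use the same `ISC_CHECKED_ADD(size, sizeof(size_info))`. A one-line comment above the addition would record why it matters, e.g. `/* a wrapped sum would under-allocate while si->size still records the full request */`, so the check is not simplified away later. What `ISC_CHECKED_ADD` does on overflow is not visible here; presumably it fails an assertion like the `INSIST` below, which should be confirmed. The body of `mallocx` continues past the end of the hunk.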