fluencelabs/musl
1
0
Fork 0
mirror of https://github.com/fluencelabs/musl synced 2025-04-25 15:22:15 +00:00
Code Issues Projects Releases Wiki Activity

fix simple_malloc size restrictions

Browse Source 
do not allow allocations that overflow ptrdiff_t; fix some overflow
checks that were not quite right but didn't matter due to address
layout implementation.
This commit is contained in:
Rich Felker 2011-02-20 16:10:38 -05:00
parent 96f2197494
commit a23baf586a
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/malloc/__simple_malloc.c
View File

@ -15,16 +15,16 @@ void *__simple_malloc(size_t n)
static int lock; static int lock;
size_t align=1; size_t align=1;
if (n < SIZE_MAX - ALIGN) if (n > SIZE_MAX/2) goto toobig;
while (align<n && align<ALIGN)
align += align; while (align<n && align<ALIGN)
align += align;
n = n + align - 1 & -align; n = n + align - 1 & -align;
LOCK(&lock); LOCK(&lock);
if (!cur) cur = brk = __brk(0)+16; if (!cur) cur = brk = __brk(0)+16;
if (n > SIZE_MAX - brk) goto fail;
base = cur + align-1 & -align; base = cur + align-1 & -align;
if (n > SIZE_MAX - PAGE_SIZE - base) goto fail;
if (base+n > brk) { if (base+n > brk) {
new = base+n + PAGE_SIZE-1 & -PAGE_SIZE; new = base+n + PAGE_SIZE-1 & -PAGE_SIZE;
if (__brk(new) != new) goto fail; if (__brk(new) != new) goto fail;
@ -37,6 +37,7 @@ void *__simple_malloc(size_t n)
fail: fail:
UNLOCK(&lock); UNLOCK(&lock);
toobig:
errno = ENOMEM; errno = ENOMEM;
return 0; return 0;
} }