~mirabilos/klibc/master

Viewing all changes in revision 2181.

  • Committer: Ben Hutchings
  • Date: 2021-04-29 14:01:54 UTC
  • Revision ID: git-v1:a31ae8c508fc8d1bca4f57e9f9f88127572d5202
[klibc] malloc: Fail if requested size > PTRDIFF_MAX

malloc() adds some overhead to the requested size, which may result in
an integer overflow and subsequent buffer overflow if it is close to
SIZE_MAX.  It should fail if size is large enough for this to happen.

Further, it's not legal for a C object to be larger than
PTRDIFF_MAX (half of SIZE_MAX) as pointer arithmetic within it could
overflow.  So return failure immediately if size is greater than that.

CVE-2021-31873

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: