Viewing all changes in revision 2182.
- Committer: Ben Hutchings
- Date: 2021-04-29 14:02:20 UTC
- Revision ID: git-v1:292650f04c2b5348b4efbad61fb014ed09b4f3f2
[klibc] calloc: Fail if multiplication overflows
calloc() multiplies its 2 arguments together and passes the result to
malloc(). Since the factors and product both have type size_t, this
can result in an integer overflow and subsequent buffer overflow.
Check for this and fail if it happens.
CVE-2021-31870
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
calloc() multiplies its 2 arguments together and passes the result to
malloc(). Since the factors and product both have type size_t, this
can result in an integer overflow and subsequent buffer overflow.
Check for this and fail if it happens.
CVE-2021-31870
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
- files modified:
- usr/klibc/calloc.c
expand all
collapse all
added
removed
