This is the mail archive of the newlib@sources.redhat.com mailing list for the newlib project.
Re: Malloc routines have overflow problems
- From: "J. Johnston" <jjohnstn at redhat dot com>
- To: Jason Tishler <jason at tishler dot net>
- Cc: newlib at sources dot redhat dot com
- Date: Tue, 06 Aug 2002 14:58:08 -0400
- Subject: Re: Malloc routines have overflow problems
- Organization: Red Hat Inc.
- References: <20020731114738.GA1444@tishler.net>
Jason Tishler wrote:
>
> [Please CC me on replies because I'm not subscribed to this list.]
>
> I would like to revisit the issue that Chris Faylor raised in the
> following post:
>
> http://sources.redhat.com/ml/newlib/2002/msg00101.html
>
> I have stumbled over the same problem with realloc():
>
> http://cygwin.com/ml/cygwin-developers/2002-07/msg00124.html
>
> My patch is a "superset" of Chris's and solves the overflow problem in
> both malloc() and realloc(). Is this an acceptable solution? If so,
> then I will gladly supply a ChangeLog entry. If not, what would be?
>
> Thanks,
> Jason
A check should still be added because if sbrk is used as the underlying
mechanism, it takes a signed argument. If you roll over INT_MAX then you
will be passing a negative value to sbrk and thereby asking to release
storage. A test could be added in malloc_extend_top to check against
MORECORE_MAX which can be defaulted to INT_MAX.
-- Jeff J.
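The check described in the reply above, as an added C example (not newlib's code and not part of either message). It assumes an sbrk whose increment is an `int`; `fake_sbrk`, `unchecked_increment` and `checked_morecore` are hypothetical names, and `fake_sbrk` is a constructed stand-in that records the increment instead of moving a real program break.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Default suggested in the reply: one MORECORE request may not exceed INT_MAX. */
#ifndef MORECORE_MAX
#define MORECORE_MAX INT_MAX
#endif
#define MORECORE_FAILURE ((void *)(intptr_t)-1)

static int last_increment;   /* what the stand-in sbrk was asked for */
static char fake_heap[64];   /* constructed: any non-failure address */

/* Constructed stand-in for an sbrk() that takes a signed int increment. */
static void *fake_sbrk(int increment)
{
    last_increment = increment;
    return fake_heap;
}

/* Without the check: the size_t request is narrowed to the signed type.
   The conversion is implementation-defined; on the usual two's-complement
   ABIs a value above INT_MAX wraps negative, i.e. a request to shrink. */
static int unchecked_increment(size_t request)
{
    fake_sbrk((int)request);
    return last_increment;
}

/* With the check: refuse anything above MORECORE_MAX before sbrk sees it. */
static void *checked_morecore(size_t request)
{
    if (request > (size_t)MORECORE_MAX)
        return MORECORE_FAILURE;
    return fake_sbrk((int)request);
}

int main(void)
{
    size_t big = (size_t)INT_MAX + 1;
    printf("unchecked: sbrk sees %d\n", unchecked_increment(big));
    printf("checked:   %s\n",
           checked_morecore(big) == MORECORE_FAILURE ? "refused" : "passed on");
    return 0;
}
```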