This is the mail archive of the newlib@sources.redhat.com mailing list for the newlib project.



Re: Malloc routines have overflow problems


Jason Tishler wrote:
> 
> [Please CC me on replies because I'm not subscribed to this list.]
> 
> I would like to revisit the issue that Chris Faylor raised in the
> following post:
> 
>     http://sources.redhat.com/ml/newlib/2002/msg00101.html
> 
> I have stumbled over the same problem with realloc():
> 
>     http://cygwin.com/ml/cygwin-developers/2002-07/msg00124.html
> 
> My patch is a "superset" of Chris's and solves the overflow problem in
> both malloc() and realloc().  Is this an acceptable solution?  If so,
> then I will gladly supply a ChangeLog entry.  If not, what would be?
> 
> Thanks,
> Jason

A check should still be added because if sbrk is used as the underlying mechanism, it takes a signed argument.  If you roll over INT_MAX then you will be passing a negative value to sbrk and thereby asking to release storage.  A test could be added in malloc_extend_top to check against MORECORE_MAX which can be defaulted to INT_MAX.

-- Jeff J.
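As an added illustration of the sign problem described in the reply (this is example code, not code from newlib or from either poster): a stand-in for sbrk() with a signed increment parameter, and a guarded extend-top step that rejects any request larger than MORECORE_MAX, assumed here to default to INT_MAX as suggested. The names fake_morecore, increment_as_seen_by_sbrk and checked_extend_top are assumptions for this example, and the `int` parameter type models the historic signed sbrk argument.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Default taken from the suggestion in the reply: cap increments at INT_MAX. */
#ifndef MORECORE_MAX
#define MORECORE_MAX INT_MAX
#endif

/* Stand-in for sbrk(): same signed increment, records what it was asked for,
   never touches the real heap. (Constructed for this example.) */
int morecore_calls;
int last_increment;

static void *fake_morecore(int increment)
{
    morecore_calls++;
    last_increment = increment;
    return NULL; /* result unused here; only the argument matters */
}

/* With no check: a size_t that has rolled past INT_MAX is converted to the
   signed parameter and arrives negative, i.e. as a request to release storage.
   (The conversion is implementation-defined; on two's-complement targets
   (size_t)INT_MAX + 1 becomes INT_MIN.) */
int increment_as_seen_by_sbrk(size_t nb)
{
    return (int)nb;
}

/* Guarded "extend top" step: refuse anything that cannot fit in the signed
   increment before it reaches MORECORE. Returns 1 if the request was passed
   through, 0 if it was rejected (caller should then fail the allocation). */
int checked_extend_top(size_t nb)
{
    if (nb > (size_t)MORECORE_MAX)
        return 0; /* would wrap negative: reject instead of shrinking the heap */
    fake_morecore((int)nb);
    return 1;
}

int main(void)
{
    size_t big = (size_t)INT_MAX + 1;
    printf("unchecked: %zu bytes reach sbrk as %d\n", big,
           increment_as_seen_by_sbrk(big));
    printf("checked:   %zu bytes -> %s\n", big,
           checked_extend_top(big) ? "passed" : "rejected");
    printf("checked:   4096 bytes -> %s (sbrk saw %d)\n",
           checked_extend_top(4096) ? "passed" : "rejected", last_increment);
    return 0;
}
```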

