aboutsummaryrefslogtreecommitdiff
path: root/nscd/getpwuid_r.c
diff options
context:
space:
mode:
authorArjun Shankar <arjun.is@lostca.se>2018-01-18 16:47:06 +0000
committerArjun Shankar <arjun@redhat.com>2018-01-18 17:55:45 +0100
commit8e448310d74b283c5cd02b9ed7fb997b47bf9b22 (patch)
treea5cb99be6773177cf14683cbf10ecbc34a7dc82c /nscd/getpwuid_r.c
parent80647883cf5847c8b6b0197e9703eb04222496b6 (diff)
downloadglibc-8e448310d74b283c5cd02b9ed7fb997b47bf9b22.tar
glibc-8e448310d74b283c5cd02b9ed7fb997b47bf9b22.tar.gz
glibc-8e448310d74b283c5cd02b9ed7fb997b47bf9b22.tar.bz2
glibc-8e448310d74b283c5cd02b9ed7fb997b47bf9b22.zip
Fix integer overflows in internal memalign and malloc functions [BZ #22343]
When posix_memalign is called with an alignment less than MALLOC_ALIGNMENT and a requested size close to SIZE_MAX, it falls back to malloc code (because the alignment of a block returned by malloc is sufficient to satisfy the call). In this case, an integer overflow in _int_malloc leads to posix_memalign incorrectly returning successfully. Upon fixing this and writing a somewhat thorough regression test, it was discovered that when posix_memalign is called with an alignment larger than MALLOC_ALIGNMENT (so it uses _int_memalign instead) and a requested size close to SIZE_MAX, a different integer overflow in _int_memalign leads to posix_memalign incorrectly returning successfully. Both integer overflows affect other memory allocation functions that use _int_malloc (one affected malloc in x86) or _int_memalign as well. This commit fixes both integer overflows. In addition to this, it adds a regression test to guard against false successful allocations by the following memory allocation functions when called with too-large allocation sizes and, where relevant, various valid alignments: malloc, realloc, calloc, reallocarray, memalign, posix_memalign, aligned_alloc, valloc, and pvalloc.
Diffstat (limited to 'nscd/getpwuid_r.c')
0 files changed, 0 insertions, 0 deletions