Integer overflow in _aligned_offset_malloc #2039

Closed
fweimer opened this issue Aug 15, 2014 · 1 comment

fweimer commented Aug 15, 2014

In winpr/libwinpr/crt/alignment.c::_aligned_offset_malloc(), the size computation passed to malloc can overflow, causing malloc to allocate a buffer which is too small:

```c
/* minimum alignment is pointer size */
if (alignment < sizeof(void*))
        alignment = sizeof(void*);

/* malloc size + alignment to make sure we can align afterwards */
base = malloc(size + alignment + sizeof(WINPR_ALIGNED_MEM));
```

In the same function, the comment does not match the following check.

```c
/* alignment must be a power of 2 */
if (alignment % 2 == 1)
        return NULL;
```
akallabeth added this to the 2.0.0 milestone May 11, 2018
akallabeth added a commit to akallabeth/FreeRDP that referenced this issue Oct 24, 2018
bmiklautz (Member) commented

Related PR #4961

akallabeth added a commit to akallabeth/FreeRDP that referenced this issue Nov 7, 2018
akallabeth added a commit to akallabeth/FreeRDP that referenced this issue Nov 7, 2018
mfleisz closed this as completed in 71036fe Nov 9, 2018
mfleisz added a commit that referenced this issue Nov 9, 2018
Fixed #2039: Check for overflow in calculations.