Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[klibc] malloc: Fail if requested size > PTRDIFF_MAX
malloc() adds some overhead to the requested size, which may result in an integer overflow and subsequent buffer overflow if it is close to SIZE_MAX. It should fail if size is large enough for this to happen. Further, it's not legal for a C object to be larger than PTRDIFF_MAX (half of SIZE_MAX) as pointer arithmetic within it could overflow. So return failure immediately if size is greater than that. CVE-2021-31873 Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
- Loading branch information