Avoid overflowing allocation size in CallMalloc()

The wraparound could happen if USE_MAGIC_HEADERS is enabled.
commit 1a759756639ab7543b650a10c2d77a0ffc7a2000 1 parent 2965eca
Xi Wang xiw authored

Showing 1 changed file with 5 additions and 1 deletion.

  1. +5 1 nedmalloc.c
6 nedmalloc.c
@@ -328,7 +328,11 @@ static FORCEINLINE NEDMALLOCNOALIASATTR NEDMALLOCPTRATTR void *CallMalloc(void *
328 328 #if USE_MAGIC_HEADERS
329 329 size_t _alignment=alignment;
330 330 size_t *_ret=0;
331   - size+=alignment+3*sizeof(size_t);
  331 + size_t bytes=size+alignment+3*sizeof(size_t);
  332 + /* Avoid addition overflow. */
  333 + if(bytes<size)
  334 + return 0;
  335 + size=bytes;
332 336 _alignment=0;
333 337 #endif
334 338 #if USE_ALLOCATOR==0
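
Review bot: the `if(bytes<size)` test at new line 333 only detects a wrap when the addend `alignment+3*sizeof(size_t)` itself fits in a size_t. Assuming `alignment` is as wide as size_t (the `size_t _alignment=alignment;` line suggests so; its declared type is not visible in this hunk), a value within `3*sizeof(size_t)` of the maximum lets the sum wrap and still come out greater than or equal to `size`, so the guard passes with a truncated `bytes`. If callers cannot be trusted to pass a small alignment, check in two steps before adding: reject when `alignment` exceeds the maximum size_t value minus `3*sizeof(size_t)`, then reject when `size` exceeds the maximum minus that addend. If alignment is already bounded elsewhere, extend the `/* Avoid addition overflow. */` comment to say so, so the single comparison is clearly sufficient.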
