Permalink
Browse files

Avoid overflowing allocation size in CallMalloc()

The wraparound could happen if USE_MAGIC_HEADERS is enabled.
  • Loading branch information...
1 parent 2965eca commit 1a759756639ab7543b650a10c2d77a0ffc7a2000 @xiw xiw committed Apr 14, 2012
Showing with 5 additions and 1 deletion.
  1. +5 −1 nedmalloc.c
View
@@ -328,7 +328,11 @@ static FORCEINLINE NEDMALLOCNOALIASATTR NEDMALLOCPTRATTR void *CallMalloc(void *
#if USE_MAGIC_HEADERS
size_t _alignment=alignment;
size_t *_ret=0;
- size+=alignment+3*sizeof(size_t);
+ size_t bytes=size+alignment+3*sizeof(size_t);
+ /* Avoid addition overflow. */
+ if(bytes<size)
+ return 0;
+ size=bytes;
_alignment=0;
#endif
#if USE_ALLOCATOR==0

0 comments on commit 1a75975

Please sign in to comment.