* lib/malloca.c: Include idx.h, intprops.h. (mmalloca): Check for ptrdiff_t overflow. Since this module uses _GL_USE_STDLIB_ALLOC, it cannot assume GNU malloc semantics. * modules/malloca (Depends-on): Add idx, intprops.
---
ChangeLog | 6 ++++++
lib/malloca.c | 8 +++++---
modules/malloca | 2 ++
3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 1e6cbd07f..e72362077 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 2021-04-21 Paul Eggert <egg...@cs.ucla.edu>
+ malloca: avoid ptrdiff_t overflow
+ * lib/malloca.c: Include idx.h, intprops.h.
+ (mmalloca): Check for ptrdiff_t overflow. Since this module uses
+ _GL_USE_STDLIB_ALLOC, it cannot assume GNU malloc semantics.
+ * modules/malloca (Depends-on): Add idx, intprops.
+
 careadlinkat: avoid ptrdiff_t overflow
 * lib/careadlinkat.c: Include idx.h, minmax.h.
 (readlink_stk): Avoid ptrdiff_t overflow in object allocation.
diff --git a/lib/malloca.c b/lib/malloca.c
index f4ee1563b..4077bf708 100644
--- a/lib/malloca.c
+++ b/lib/malloca.c
@@ -21,6 +21,8 @@
 /* Specification. */
 #include "malloca.h"
+#include "idx.h"
+#include "intprops.h"
 #include "verify.h"
 /* The speed critical point in this file is freea() applied to an alloca()
@@ -45,9 +47,9 @@ mmalloca (size_t n)
 #if HAVE_ALLOCA
 /* Allocate one more word, used to determine the address to pass to freea(),
 and room for the alignment ≡ sa_alignment_max mod 2*sa_alignment_max. */
- size_t nplus = n + sizeof (small_t) + 2 * sa_alignment_max - 1;
-
- if (nplus >= n)
+ int plus = sizeof (small_t) + 2 * sa_alignment_max - 1;
+ idx_t nplus;
+ if (!INT_ADD_WRAPV (n, plus, &nplus) && !xalloc_oversized (nplus, 1))
 {
 char *mem = (char *) malloc (nplus);
diff --git a/modules/malloca b/modules/malloca
index 9b7a3dbd2..346d33251 100644
--- a/modules/malloca
+++ b/modules/malloca
@@ -9,6 +9,8 @@ m4/eealloc.m4
 Depends-on:
 alloca-opt
+idx
+intprops
 stdint
 verify
 xalloc-oversized
--
2.27.0
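Review bot: In lib/malloca.c the new guard `!INT_ADD_WRAPV (n, plus, &nplus) && !xalloc_oversized (nplus, 1)` sits inside `#if HAVE_ALLOCA`, so this hunk only shows the alloca-backed branch of mmalloca rejecting requests above PTRDIFF_MAX. The function body continues past the hunk; if its `#else` branch passes `n` to `malloc` unchecked, that path would need the same test, e.g. `if (xalloc_oversized (n, 1)) return NULL;`, because the commit message says GNU malloc semantics cannot be assumed in this module. The two-part condition also deserves a why-comment such as `/* Reject a sum that does not fit idx_t, then a size malloc cannot safely honour.  */`, since the second test looks redundant at first read. Separately, `int plus` silently narrows a size_t expression; a short comment that the value is a small compile-time constant would make that intent explicit.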