commit: 811054d8bb60728bb485c007f7961856c9666407
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 6 16:33:49 2025 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Feb 15 01:42:41 2025 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=811054d8
Add overflow checking in malloc, cmalloc
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
libsandbox/memory.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/libsandbox/memory.c b/libsandbox/memory.c
index 69aa972..a23e87a 100644
--- a/libsandbox/memory.c
+++ b/libsandbox/memory.c
@@ -49,9 +49,11 @@ static int sb_munmap(void *addr, size_t length)
void *malloc(size_t size)
{
- size_t *ret;
- size += MIN_ALIGN;
- ret = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0);
+ if (__builtin_add_overflow(size, MIN_ALIGN, &size)) {
+ errno = ENOMEM;
+ return NULL;
+ }
+ size_t *ret = mmap(0, size, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
if (ret == MAP_FAILED)
return NULL;
*ret = size;
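Review bot: The new guard at the top of malloc() has no comment explaining why the addition must not wrap, and the reason is easy to miss. After the check, `size` is both the mmap length and the value written to the start of the mapping by `*ret = size;`, so a wrapped sum would produce a mapping much smaller than the caller requested. A one-line comment above the check, such as `/* size grows by MIN_ALIGN for the length header; a wrapped sum would under-allocate */`, would make that intent visible to whoever next touches this path. The function body continues past the end of this hunk, so the note assumes the MIN_ALIGN bytes act as a length header in front of the returned pointer; confirm that against the rest of malloc() and free().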
@@ -70,9 +72,13 @@ void free(void *ptr)
/* Hrm, implement a zalloc() ? */
void *calloc(size_t nmemb, size_t size)
{
- void *ret = malloc(nmemb * size); /* dont care about overflow */
+ if (__builtin_mul_overflow(nmemb, size, &size)) {
+ errno = ENOMEM;
+ return NULL;
+ }
+ void *ret = malloc(size);
if (ret)
- memset(ret, 0, nmemb * size);
+ memset(ret, 0, size);
return ret;
}
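Review bot: In calloc() the product is written back into the `size` parameter, so after the check `size` means total bytes rather than element size. That makes `malloc(size)` and `memset(ret, 0, size)` read as if they used the per-element size. A separate local keeps the two meanings apart: `size_t total;`, `if (__builtin_mul_overflow(nmemb, size, &total)) {`, then `malloc(total)` and `memset(ret, 0, total)`. Behaviour is unchanged; the point is that a later edit which needs the original element size after the check cannot silently pick up the product instead.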