On 7/23/24 2:08 AM, Collin Funk wrote:
> Hi Chet,
> Chet Ramey writes:
>>> /* Use this when we want to be sure that NB is in bucket NU. */
>>> #define RIGHT_BUCKET(nb, nu) \
>>> (((nb) > binsizes[(nu)-1]) && ((nb) <= binsizes[(nu)]))
>> The right fix here is two-fold: fix the first test here to evalua
Hi Chet,
Chet Ramey writes:
>> /* Use this when we want to be sure that NB is in bucket NU. */
>> #define RIGHT_BUCKET(nb, nu) \
>> (((nb) > binsizes[(nu)-1]) && ((nb) <= binsizes[(nu)]))
>
> The right fix here is two-fold: fix the first test here to evaluate to 0
> if nu == 0, and change t
On 7/19/24 1:06 AM, Collin Funk wrote:
> Hi,
> In lib/malloc/malloc.c there is a read that occurs 1 or 2 indexes before
> the first element in the buffer. The issue is this macro:

Thanks for the report. This affects calls to realloc with size < 64 bytes.

> /* Use this when we want to be sure that N
an at least. I didn't look into
the surrounding code much so a double check would be nice. :)
Collin
From 4863afd5260e11f05f69adc64c496f6d8bace627 Mon Sep 17 00:00:00 2001
From: Collin Funk
Date: Thu, 18 Jul 2024 21:45:51 -0700
Subject: [PATCH] malloc: fix out-of-bounds read
* lib/ma