[edk2-devel] [edk2-libc Patch] StdLib/LibC/StdLib: Handle possible math overflow in malloc()
Rebecca Cran
rebecca at nuviainc.com
Wed Aug 18 22:08:09 UTC 2021
Reviewed-by: Rebecca Cran <rebecca at nuviainc.com>
Not sure the first \n is needed though.
--
Rebecca Cran
On 8/18/21 4:03 PM, Michael D Kinney wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1510
>
> Check for addition overflow in malloc() when computing NodeSize
> and return error if overflow is detected.
>
> Cc: Rebecca Cran <rebecca at nuviainc.com>
> Cc: Yitzhak Briskman <yitzhak.briskman at intel.com>
> Cc: Jian J Wang <jian.j.wang at intel.com>
> Cc: Yonghong Zhu <yonghong.zhu at intel.com>
> Signed-off-by: Michael D Kinney <michael.d.kinney at intel.com>
> ---
> StdLib/LibC/StdLib/Malloc.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/StdLib/LibC/StdLib/Malloc.c b/StdLib/LibC/StdLib/Malloc.c
> index c131b9e..7bf8827 100644
> --- a/StdLib/LibC/StdLib/Malloc.c
> +++ b/StdLib/LibC/StdLib/Malloc.c
> @@ -94,6 +94,12 @@ malloc(size_t Size)
> return NULL;
> }
>
> + if ((Size + sizeof(CPOOL_HEAD)) < Size) {
> + RetVal = NULL;
> + errno = ENOMEM;
> + DEBUG((DEBUG_ERROR, "\nERROR malloc: Size overflow\n"));
> + }
> +
> NodeSize = (UINTN)(Size + sizeof(CPOOL_HEAD));
>
> DEBUG((DEBUG_POOL, "malloc(%d): NodeSz: %d", Size, NodeSize));
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#79540): https://edk2.groups.io/g/devel/message/79540
Mute This Topic: https://groups.io/mt/84983903/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list