Changeset 51defd92 in rtems


Ignore:
Timestamp:
Apr 20, 2021, 5:30:35 PM (2 months ago)
Author:
Sebastian Huber <sebastian.huber@…>
Branches:
master
Children:
2a24f99d
Parents:
6c66bbb
git-author:
Sebastian Huber <sebastian.huber@…> (04/20/21 17:30:35)
git-committer:
Sebastian Huber <sebastian.huber@…> (04/20/21 18:33:03)
Message:

Fix calloc() behaviour in case of overflow

The multiplication to calculate the length of the memory area to
allocate may overflow. Return NULL in case of an overflow.

Close #4389.

Files:
3 edited

Legend:

Unmodified
Added
Removed
  • cpukit/libcsupport/src/calloc.c

    r6c66bbb r51defd92  
    2121#if defined(RTEMS_NEWLIB) && !defined(HAVE_CALLOC)
    2222#include <stdlib.h>
     23
     24#include <errno.h>
    2325#include <string.h>
     26
    2427#include <rtems/score/basedefs.h>
    2528
     
    3235  size_t  length;
    3336
    34   length = nelem * elsize;
     37  if ( nelem == 0 ) {
     38    length = 0;
     39  } else if ( elsize > SIZE_MAX / nelem ) {
     40    errno = ENOMEM;
     41    return NULL;
     42  } else {
     43    length = nelem * elsize;
     44  }
     45
    3546  cptr = malloc( length );
    3647  RTEMS_OBFUSCATE_VARIABLE( cptr );
  • cpukit/libcsupport/src/rtemscalloc.c

    r6c66bbb r51defd92  
    4747  void   *p;
    4848
    49   length = nelem * elsize;
     49  if ( nelem == 0 ) {
     50    length = 0;
     51  } else if ( elsize > SIZE_MAX / nelem ) {
     52    return NULL;
     53  } else {
     54    length = nelem * elsize;
     55  }
     56
    5057  p = rtems_malloc( length );
    5158  RTEMS_OBFUSCATE_VARIABLE( p );
  • testsuites/libtests/malloctest/init.c

    r6c66bbb r51defd92  
    11911191  rtems_test_assert(errno == 0);
    11921192
     1193#pragma GCC diagnostic push
     1194#pragma GCC diagnostic ignored "-Walloc-size-larger-than=N"
     1195  errno = 0;
     1196  p = rtems_calloc(SIZE_MAX, SIZE_MAX);
     1197  rtems_test_assert(p == NULL);
     1198  rtems_test_assert(errno == 0);
     1199#pragma GCC diagnostic pop
     1200
    11931201  i = rtems_calloc(1, sizeof(*i));
    11941202  rtems_test_assert(i != NULL);
     
    13141322#pragma GCC diagnostic ignored "-Walloc-size-larger-than=N"
    13151323  p1 = calloc( 1, SIZE_MAX );
     1324  rtems_test_assert( p1 == NULL );
     1325
     1326  p1 = calloc( SIZE_MAX, SIZE_MAX );
     1327  rtems_test_assert( p1 == NULL );
    13161328#pragma GCC diagnostic pop
    1317   if (p1) {
    1318     printf("ERROR on attempt to calloc SIZE_MAX block expected failure.");
    1319     free( p1 );
    1320   }
    13211329
    13221330  /*
     
    13241332   */
    13251333  p1 = malloc( 0 );
    1326   if (p1) {
    1327     printf("ERROR on attempt to malloc size 0 block expected failure.");
    1328     free( p1 );
    1329   }
    1330 
    1331 
     1334  rtems_test_assert( p1 == NULL );
    13321335
    13331336  test_heap_initialize();
Note: See TracChangeset for help on using the changeset viewer.