lib/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-08-08 17:42:12 +03:00
Code Activity

malloc: Fix for infinite loop in memalign/posix_memalign.

Browse Source 
A very large alignment argument passed to mealign/posix_memalign
causes _int_memalign to enter an infinite loop. Limit the maximum
alignment value to the maximum representable power of two to
prevent this from happening.

Changelog:

2013-10-30  Will Newton  <will.newton@linaro.org>

	[BZ #16038]
	* malloc/hooks.c (memalign_check): Limit alignment to the
	maximum representable power of two.
	* malloc/malloc.c (__libc_memalign): Likewise.
	* malloc/tst-memalign.c (do_test): Add test for very
	large alignment values.
	* malloc/tst-posix_memalign.c (do_test): Likewise.
This commit is contained in:
Will Newton
2013-10-10 13:17:13 +01:00
parent c6e4925d40
commit a56ee40b17
5 changed files with 51 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
malloc/tst-posix_memalign.c
View File

@@ -65,6 +65,16 @@ do_test (void)
p = NULL;
/* Test to expose integer overflow in malloc internals from BZ #16038. */
ret = posix_memalign (&p, -1, pagesize);
if (ret != EINVAL)
merror ("posix_memalign (&p, -1, pagesize) succeeded.");
free (p);
p = NULL;
/* A zero-sized allocation should succeed with glibc, returning zero
and setting p to a non-NULL value. */
ret = posix_memalign (&p, sizeof (void *), 0);