This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/12005] malloc(-1ul) segfaults when using mcheck


------- Additional Comments From andrey dot vihrov at gmail dot com  2010-09-11 16:46 -------
With mcheck enabled, malloc() and realloc() try to allocate "sizeof (struct hdr)
+ size + 1" instead of the user-specified "size", as seen in mallochook() and
reallochook() in malloc/mcheck.c. However, it is never checked whether the new
value overflows. It seems that checking whether "size" is greater than "SIZE_MAX
- sizeof (struct hdr) - 1" and returning NULL in such a case could be a solution.

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=12005

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
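The following is an added illustration of the overflow the comment above describes and of the proposed check; it is not code from glibc or from the bug reporter. The `struct hdr` here is a simplified stand-in (assumption: the real mcheck header has different fields, but only the size bookkeeping matters for the wrap), and `guarded_malloc` / `checked_padded_size` are hypothetical names chosen for this example. It shows how `sizeof (struct hdr) + size + 1` wraps to a tiny value for `size == -1ul`, and how the `size > SIZE_MAX - sizeof (struct hdr) - 1` test rejects it before the request ever reaches the allocator.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for mcheck's "struct hdr" (assumption: the real
   glibc header carries more fields; only the size bookkeeping matters here). */
struct hdr {
    size_t size;            /* user-requested size */
    unsigned long magic;    /* placeholder for mcheck's header magic */
};

/* Guard byte written just past the user block; this is the "+ 1" in the
   expression quoted in the bug comment. */
#define GUARD_BYTE 0xAA

/* Computes sizeof (struct hdr) + size + 1 without wrapping.
   Returns false (leaving *out untouched) when the sum would exceed SIZE_MAX,
   i.e. when size > SIZE_MAX - sizeof (struct hdr) - 1, which is exactly the
   check proposed in the comment. */
bool checked_padded_size(size_t size, size_t *out)
{
    const size_t overhead = sizeof (struct hdr) + 1;
    if (size > SIZE_MAX - overhead)
        return false;
    *out = size + overhead;
    return true;
}

/* The unchecked arithmetic: for size == (size_t)-1 the "+ 1" wraps to 0 and
   the result is just sizeof (struct hdr), so the allocator would hand back
   a block far too small for the caller's expectations. */
size_t unchecked_padded_size(size_t size)
{
    return sizeof (struct hdr) + size + 1;   /* wraps modulo SIZE_MAX + 1 */
}

/* Hardened allocation hook: refuses sizes whose padded total would wrap,
   returning NULL with errno = ENOMEM instead of a wrapped request. */
void *guarded_malloc(size_t size)
{
    size_t total;
    if (!checked_padded_size(size, &total)) {
        errno = ENOMEM;
        return NULL;
    }
    struct hdr *h = malloc(total);
    if (h == NULL)
        return NULL;
    h->size = size;
    h->magic = 0x1234abcdUL;
    unsigned char *user = (unsigned char *)(h + 1);
    user[size] = GUARD_BYTE;   /* trailing guard byte, inside the allocation */
    return user;
}

void guarded_free(void *p)
{
    if (p == NULL)
        return;
    struct hdr *h = (struct hdr *)p - 1;
    free(h);
}

int main(void)
{
    size_t total;
    printf("unchecked: sizeof(hdr) + (-1ul) + 1 wraps to %zu\n",
           unchecked_padded_size((size_t)-1));
    printf("checked:   %s\n",
           checked_padded_size((size_t)-1, &total) ? "ok" : "rejected (would overflow)");
    void *p = guarded_malloc((size_t)-1);
    printf("guarded_malloc(-1ul) -> %p, errno = %s\n", p, p ? "0" : strerror(errno));
    p = guarded_malloc(16);
    printf("guarded_malloc(16) -> %s\n", p ? "non-NULL" : "NULL");
    guarded_free(p);
    return 0;
}
```

The subtraction form of the check (`size > SIZE_MAX - overhead`) is the usual idiom because it cannot itself overflow, whereas testing the sum after computing it (`total < size`) relies on the wrap having already happened and is easy to get wrong when more than one term is added.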

