diff options
| author | Ulrich Drepper <drepper@redhat.com> | 2002-08-02 01:27:46 +0000 |
|---|---|---|
| committer | Ulrich Drepper <drepper@redhat.com> | 2002-08-02 01:27:46 +0000 |
| commit | 0950889b810736fe7ad340a13a5ecf76672e1a84 (patch) | |
| tree | 8c30d88ef6a56aaac152ed2c3fb28375bcbd7b0a | |
| parent | d7e1ad053b0d742f4f9c632dc0c5feb8315a5b90 (diff) | |
| download | glibc-0950889b810736fe7ad340a13a5ecf76672e1a84.zip glibc-0950889b810736fe7ad340a13a5ecf76672e1a84.tar.gz glibc-0950889b810736fe7ad340a13a5ecf76672e1a84.tar.bz2 | |
(public_cALLOc): Check for overflow on multiplication.
| -rw-r--r-- | linuxthreads/sysdeps/i386/pspinlock.c | 8 | ||||
| -rw-r--r-- | malloc/malloc.c | 16 | ||||
| -rw-r--r-- | sysdeps/unix/sysv/linux/kernel-features.h | 8 |
3 files changed, 25 insertions, 7 deletions
diff --git a/linuxthreads/sysdeps/i386/pspinlock.c b/linuxthreads/sysdeps/i386/pspinlock.c index 5d24238..bd7c55b 100644 --- a/linuxthreads/sysdeps/i386/pspinlock.c +++ b/linuxthreads/sysdeps/i386/pspinlock.c @@ -1,5 +1,5 @@ /* POSIX spinlock implementation. x86 version. - Copyright (C) 2000 Free Software Foundation, Inc. + Copyright (C) 2000, 2002 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -20,6 +20,8 @@ #include <errno.h> #include <pthread.h> #include "internals.h" +#include "kernel-features.h" + /* This implementation is similar to the one used in the Linux kernel. But the kernel is byte instructions for the memory access. This is @@ -95,3 +97,7 @@ __pthread_spin_destroy (pthread_spinlock_t *lock) return 0; } weak_alias (__pthread_spin_destroy, pthread_spin_destroy) + +#ifndef __ASSUME_SET_THREAD_AREA_SYSCALL +int __have_no_set_thread_area; +#endif diff --git a/malloc/malloc.c b/malloc/malloc.c index cee3f32..cd40626 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -3452,16 +3452,23 @@ public_cALLOc(size_t n, size_t elem_size) { mstate av; mchunkptr oldtop, p; - INTERNAL_SIZE_T sz, csz, oldtopsize; + INTERNAL_SIZE_T bytes, sz, csz, oldtopsize; Void_t* mem; unsigned long clearsize; unsigned long nclears; INTERNAL_SIZE_T* d; - __malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, __const __malloc_ptr_t)) = __malloc_hook; + + /* size_t is unsigned so the behavior on overflow is defined. */ + bytes = n * elem_size; + if (bytes / elem_size != n) { + MALLOC_FAILURE_ACTION; + return 0; + } + if (hook != NULL) { - sz = n * elem_size; + sz = bytes; mem = (*hook)(sz, RETURN_ADDRESS (0)); if(mem == 0) return 0; @@ -3473,8 +3480,7 @@ public_cALLOc(size_t n, size_t elem_size) #endif } - /* FIXME: check for overflow on multiplication. */ - sz = n * elem_size; + sz = bytes; arena_get(av, sz); if(!av) diff --git a/sysdeps/unix/sysv/linux/kernel-features.h b/sysdeps/unix/sysv/linux/kernel-features.h index 927701a..3653f73 100644 --- a/sysdeps/unix/sysv/linux/kernel-features.h +++ b/sysdeps/unix/sysv/linux/kernel-features.h @@ -1,6 +1,6 @@ /* Set flags signalling availability of kernel features based on given kernel version number. - Copyright (C) 1999, 2000, 2001 Free Software Foundation, Inc. + Copyright (C) 1999, 2000, 2001, 2002 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -184,6 +184,12 @@ # define __ASSUME_MMAP2_SYSCALL 1 #endif +/* On x86, the set_thread_area syscall was introduced in 2.5.29, but its + semantics was changed in 2.5.30. */ +#if __LINUX_KERNEL_VERSION >= 132382 && defined __i386__ +# define __ASSUME_SET_THREAD_AREA_SYSCALL 1 +#endif + /* There are an infinite number of PA-RISC kernel versions numbered 2.4.0. But they've not really been released as such. We require and expect the final version here. */ |