From 753da60320633bf92bb698ce3767a0d2e6d62a67 Mon Sep 17 00:00:00 2001 From: Poul-Henning Kamp Date: Tue, 18 Mar 1997 07:54:24 +0000 Subject: [PATCH] Check for overflow in size argument. Tested by: Joel Maslak Closes: PR kern/2964 --- lib/libc/stdlib/malloc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c index 6462ad16469..f1eaffe76ed 100644 --- a/lib/libc/stdlib/malloc.c +++ b/lib/libc/stdlib/malloc.c @@ -6,7 +6,7 @@ * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp * ---------------------------------------------------------------------------- * - * $Id$ + * $Id: malloc.c,v 1.21 1997/02/22 15:03:12 peter Exp $ * */ @@ -731,7 +731,9 @@ imalloc(size_t size) if (suicide) abort(); - if (size <= malloc_maxsize) + if ((size + malloc_pagesize) < size) /* Check for overflow */ + result = 0; + else if (size <= malloc_maxsize) result = malloc_bytes(size); else result = malloc_pages(size);