diff options
Diffstat (limited to 'core/glibc/glibc-2.18-malloc-corrupt-CVE-2013-4332.patch')
-rw-r--r-- | core/glibc/glibc-2.18-malloc-corrupt-CVE-2013-4332.patch | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/core/glibc/glibc-2.18-malloc-corrupt-CVE-2013-4332.patch b/core/glibc/glibc-2.18-malloc-corrupt-CVE-2013-4332.patch deleted file mode 100644 index 093db86c9..000000000 --- a/core/glibc/glibc-2.18-malloc-corrupt-CVE-2013-4332.patch +++ /dev/null @@ -1,54 +0,0 @@ -diff --git a/malloc/malloc.c b/malloc/malloc.c -index dd295f5..7f43ba3 100644 ---- a/malloc/malloc.c -+++ b/malloc/malloc.c -@@ -3082,6 +3082,13 @@ __libc_pvalloc(size_t bytes) - size_t page_mask = GLRO(dl_pagesize) - 1; - size_t rounded_bytes = (bytes + page_mask) & ~(page_mask); - -+ /* Check for overflow. */ -+ if (bytes > SIZE_MAX - 2*pagesz - MINSIZE) -+ { -+ __set_errno (ENOMEM); -+ return 0; -+ } -+ - void *(*hook) (size_t, size_t, const void *) = - force_reg (__memalign_hook); - if (__builtin_expect (hook != NULL, 0)) -diff --git a/malloc/malloc.c b/malloc/malloc.c -index 7f43ba3..3148c5f 100644 ---- a/malloc/malloc.c -+++ b/malloc/malloc.c -@@ -3046,6 +3046,13 @@ __libc_valloc(size_t bytes) - - size_t pagesz = GLRO(dl_pagesize); - -+ /* Check for overflow. */ -+ if (bytes > SIZE_MAX - pagesz - MINSIZE) -+ { -+ __set_errno (ENOMEM); -+ return 0; -+ } -+ - void *(*hook) (size_t, size_t, const void *) = - force_reg (__memalign_hook); - if (__builtin_expect (hook != NULL, 0)) -diff --git a/malloc/malloc.c b/malloc/malloc.c -index 3148c5f..f7718a9 100644 ---- a/malloc/malloc.c -+++ b/malloc/malloc.c -@@ -3015,6 +3015,13 @@ __libc_memalign(size_t alignment, size_t bytes) - /* Otherwise, ensure that it is at least a minimum chunk size */ - if (alignment < MINSIZE) alignment = MINSIZE; - -+ /* Check for overflow. */ -+ if (bytes > SIZE_MAX - alignment - MINSIZE) -+ { -+ __set_errno (ENOMEM); -+ return 0; -+ } -+ - arena_get(ar_ptr, bytes + alignment + MINSIZE); - if(!ar_ptr) - return 0; |