ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add integer overflow check to the malloc wrappers 

Add a check that the combined size of the buffer to allocate and
alloc_info_t does not exceed the maximum integer value representable
by size_t.
pull/14407/head
Lingkai Dong 2021-03-10 09:37:20 +00:00
parent 866855df5c
commit 4450464fc8
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
platform/source/mbed_alloc_wrappers.cpp
View File

@ -114,7 +114,10 @@ extern "C" void *malloc_wrapper(struct _reent *r, size_t size, void *caller)
#endif
#if MBED_HEAP_STATS_ENABLED
malloc_stats_mutex->lock();
alloc_info_t *alloc_info = (alloc_info_t *)__real__malloc_r(r, size + sizeof(alloc_info_t));
alloc_info_t *alloc_info = NULL;
if (size <= SIZE_MAX - sizeof(alloc_info_t)) {
alloc_info = (alloc_info_t *)__real__malloc_r(r, size + sizeof(alloc_info_t));
}
if (alloc_info != NULL) {
alloc_info->size = size;
alloc_info->signature = MBED_HEAP_STATS_SIGNATURE;
@ -301,7 +304,10 @@ extern "C" void *malloc_wrapper(size_t size, void *caller)
#endif
#if MBED_HEAP_STATS_ENABLED
malloc_stats_mutex->lock();
alloc_info_t *alloc_info = (alloc_info_t *)SUPER_MALLOC(size + sizeof(alloc_info_t));
alloc_info_t *alloc_info = NULL;
if (size <= SIZE_MAX - sizeof(alloc_info_t)) {
alloc_info = (alloc_info_t *)SUPER_MALLOC(size + sizeof(alloc_info_t));
}
if (alloc_info != NULL) {
alloc_info->size = size;
alloc_info->signature = MBED_HEAP_STATS_SIGNATURE;