(align): If the argument SIZE would overflow

__malloc_ptrdiff_t, fail right away.
author: Eli Zaretskii <[email protected]> 2001-04-09 10:53:42 +0000
committer: Eli Zaretskii <[email protected]> 2001-04-09 10:53:42 +0000
commit: ceeb3d7db5c33884003f280ddfaa1c50a70cc7ad (patch)
tree: c1fad19f2d0666c16818560895fdb233c3d9f183 /src/gmalloc.c
parent: 9f9a5e7a8c7650f0c45404cb8762c5eabc57ba79 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/src/gmalloc.c b/src/gmalloc.c
index 751e90baf1..3508304da3 100644
--- a/src/gmalloc.c
+++ b/src/gmalloc.c
@@ -437,7 +437,14 @@ align (size)
   __ptr_t result;
   unsigned long int adj;
 
-  result = (*__morecore) (size);
+  /* align accepts an unsigned argument, but __morecore accepts a
+     signed one.  This could lead to trouble if SIZE overflows a
+     signed int type accepted by __morecore.  We just punt in that
+     case, since they are requesting a ludicrous amount anyway.  */
+  if ((__malloc_ptrdiff_t)size < 0)
+    result = 0;
+  else
+    result = (*__morecore) (size);
   adj = (unsigned long int) ((unsigned long int) ((char *) result -
 						  (char *) NULL)) % BLOCKSIZE;
   if (adj != 0)
author	Eli Zaretskii <[email protected]>	2001-04-09 10:53:42 +0000
committer	Eli Zaretskii <[email protected]>	2001-04-09 10:53:42 +0000
commit	ceeb3d7db5c33884003f280ddfaa1c50a70cc7ad (patch)
tree	c1fad19f2d0666c16818560895fdb233c3d9f183 /src/gmalloc.c
parent	9f9a5e7a8c7650f0c45404cb8762c5eabc57ba79 (diff)