diff options
author | Eli Zaretskii <[email protected]> | 2001-04-09 10:53:42 +0000 |
---|---|---|
committer | Eli Zaretskii <[email protected]> | 2001-04-09 10:53:42 +0000 |
commit | ceeb3d7db5c33884003f280ddfaa1c50a70cc7ad (patch) | |
tree | c1fad19f2d0666c16818560895fdb233c3d9f183 /src/gmalloc.c | |
parent | 9f9a5e7a8c7650f0c45404cb8762c5eabc57ba79 (diff) |
(align): If the argument SIZE would overflow
__malloc_ptrdiff_t, fail right away.
Diffstat (limited to 'src/gmalloc.c')
-rw-r--r-- | src/gmalloc.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/gmalloc.c b/src/gmalloc.c index 751e90baf1..3508304da3 100644 --- a/src/gmalloc.c +++ b/src/gmalloc.c @@ -437,7 +437,14 @@ align (size) __ptr_t result; unsigned long int adj; - result = (*__morecore) (size); + /* align accepts an unsigned argument, but __morecore accepts a + signed one. This could lead to trouble if SIZE overflows a + signed int type accepted by __morecore. We just punt in that + case, since they are requesting a ludicrous amount anyway. */ + if ((__malloc_ptrdiff_t)size < 0) + result = 0; + else + result = (*__morecore) (size); adj = (unsigned long int) ((unsigned long int) ((char *) result - (char *) NULL)) % BLOCKSIZE; if (adj != 0) |