Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
GNOME
libxml2
Commits
897dffba
Commit
897dffba
authored
Jun 06, 2017
by
Nick Wellnhofer
Browse files
Check for integer overflow in memory debug code
Fixes bug 783026. Thanks to Pranjal Jumde for the report.
parent
932cc989
Changes
1
Hide whitespace changes
Inline
Side-by-side
xmlmemory.c
View file @
897dffba
...
...
@@ -172,6 +172,13 @@ xmlMallocLoc(size_t size, const char * file, int line)
TEST_POINT
if
(
size
>
(
MAX_SIZE_T
-
RESERVE_SIZE
))
{
xmlGenericError
(
xmlGenericErrorContext
,
"xmlMallocLoc : Unsigned overflow
\n
"
);
xmlMemoryDump
();
return
(
NULL
);
}
p
=
(
MEMHDR
*
)
malloc
(
RESERVE_SIZE
+
size
);
if
(
!
p
)
{
...
...
@@ -352,6 +359,13 @@ xmlReallocLoc(void *ptr,size_t size, const char * file, int line)
#endif
xmlMutexUnlock
(
xmlMemMutex
);
if
(
size
>
(
MAX_SIZE_T
-
RESERVE_SIZE
))
{
xmlGenericError
(
xmlGenericErrorContext
,
"xmlMallocLoc : Unsigned overflow
\n
"
);
xmlMemoryDump
();
return
(
NULL
);
}
tmp
=
(
MEMHDR
*
)
realloc
(
p
,
RESERVE_SIZE
+
size
);
if
(
!
tmp
)
{
free
(
p
);
...
...
@@ -499,6 +513,13 @@ xmlMemStrdupLoc(const char *str, const char *file, int line)
if
(
!
xmlMemInitialized
)
xmlInitMemory
();
TEST_POINT
if
(
size
>
(
MAX_SIZE_T
-
RESERVE_SIZE
))
{
xmlGenericError
(
xmlGenericErrorContext
,
"xmlMallocLoc : Unsigned overflow
\n
"
);
xmlMemoryDump
();
return
(
NULL
);
}
p
=
(
MEMHDR
*
)
malloc
(
RESERVE_SIZE
+
size
);
if
(
!
p
)
{
goto
error
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment