Commit 64756cf2 authored by Laurent Aimar's avatar Laurent Aimar

Fixed a potential integer overflow in block_Alloc().

When the integer overflow happens, the block_t returned will be smaller
than requested.
It partially fixes #5841.
parent 3789e68e
...@@ -106,13 +106,14 @@ block_t *block_Alloc( size_t i_size ) ...@@ -106,13 +106,14 @@ block_t *block_Alloc( size_t i_size )
*/ */
block_sys_t *p_sys; block_sys_t *p_sys;
uint8_t *buf; uint8_t *buf;
#define ALIGN(x) (((x) + BLOCK_ALIGN - 1) & ~(BLOCK_ALIGN - 1)) #define ALIGN(x) (((x) + BLOCK_ALIGN - 1) & ~(BLOCK_ALIGN - 1))
#if 0 /*def HAVE_POSIX_MEMALIGN */ #if 0 /*def HAVE_POSIX_MEMALIGN */
/* posix_memalign(,16,) is much slower than malloc() on glibc. /* posix_memalign(,16,) is much slower than malloc() on glibc.
* -- Courmisch, September 2009, glibc 2.5 & 2.9 */ * -- Courmisch, September 2009, glibc 2.5 & 2.9 */
const size_t i_alloc = ALIGN(sizeof(*p_sys)) + (2 * BLOCK_PADDING) const size_t i_alloc = ALIGN(sizeof(*p_sys)) + (2 * BLOCK_PADDING)
+ ALIGN(i_size); + ALIGN(i_size);
if( unlikely(i_alloc <= i_size) )
return NULL;
void *ptr; void *ptr;
if( posix_memalign( &ptr, BLOCK_ALIGN, i_alloc ) ) if( posix_memalign( &ptr, BLOCK_ALIGN, i_alloc ) )
...@@ -124,6 +125,9 @@ block_t *block_Alloc( size_t i_size ) ...@@ -124,6 +125,9 @@ block_t *block_Alloc( size_t i_size )
#else #else
const size_t i_alloc = sizeof(*p_sys) + BLOCK_ALIGN + (2 * BLOCK_PADDING) const size_t i_alloc = sizeof(*p_sys) + BLOCK_ALIGN + (2 * BLOCK_PADDING)
+ ALIGN(i_size); + ALIGN(i_size);
if( unlikely(i_alloc <= i_size) )
return NULL;
p_sys = malloc( i_alloc ); p_sys = malloc( i_alloc );
if( p_sys == NULL ) if( p_sys == NULL )
return NULL; return NULL;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment