[0/4] Fixes for memory allocation bugs

Message ID 20200811230543.2169774-1-keithp@keithp.com


Torbjorn SVENSSON via Newlib Aug. 11, 2020, 11:05 p.m.
There are two serious bug fixes here:

 1) Check calloc/reallocarray for overflow in the multiply using
    __builtin_mul_overflow (which exists in gcc and clang). reallocarray
    was using some old BSD code for this, but __builtin_mul_overflow is
    both more efficient and more easily checked for correctness.

 2) nano_realloc was copying too many bytes from the existing
    allocation when increasing the allocation size. This could lead to
    information disclosure, or a crash.

And a couple of minor improvements:

 3) When nano_realloc is shrinking "a lot", re-allocate the
    buffer to make the original memory available.

 4) When nano_realloc is shrinking and the new allocation fails,
    just return the old buffer to avoid having applications see
    unnecessary failures.
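To make the two serious fixes concrete, here is an added C sketch that is not newlib's code and not part of the patch series: a calloc front-end that uses `__builtin_mul_overflow` (the real gcc/clang builtin) instead of a bare multiply, and a toy header-tagged allocator whose realloc copies `min(old_size, new_size)` bytes when it has to move a block. All function and type names (`calloc_checked`, `toy_realloc`, `hdr_t`, and so on) are assumptions made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example, not newlib's code. Every name here is hypothetical. */

/* 1) Size multiply for calloc/reallocarray.
 * Unchecked: n * size wraps modulo SIZE_MAX+1, so a huge request can turn
 * into a tiny allocation that the caller then overruns. */
size_t mul_unchecked(size_t n, size_t size)
{
    return n * size;
}

/* Checked: __builtin_mul_overflow stores the product in *out and returns
 * nonzero when it did not fit. Returns 1 on overflow, 0 otherwise. */
int mul_overflows(size_t n, size_t size, size_t *out)
{
    return __builtin_mul_overflow(n, size, out) ? 1 : 0;
}

/* calloc front-end that refuses an overflowing request with ENOMEM. */
void *calloc_checked(size_t n, size_t size)
{
    size_t bytes;
    if (mul_overflows(n, size, &bytes)) {
        errno = ENOMEM;
        return NULL;
    }
    void *p = malloc(bytes ? bytes : 1);   /* malloc(0) may legally return NULL */
    if (p)
        memset(p, 0, bytes);
    return p;
}

/* 2) Toy allocator that records each block's usable size in a header, the
 * shape nano_realloc has to deal with. */
typedef struct {
    size_t size;   /* usable bytes that follow the header */
} hdr_t;

static hdr_t *hdr_of(void *p) { return (hdr_t *)p - 1; }

void *toy_malloc(size_t size)
{
    hdr_t *h = malloc(sizeof *h + size);
    if (!h)
        return NULL;
    h->size = size;
    return h + 1;
}

void toy_free(void *p) { if (p) free(hdr_of(p)); }

size_t toy_usable_size(void *p) { return p ? hdr_of(p)->size : 0; }

/* The bug shape: copying the *new* size when growing reads past the end of
 * the old block, leaking whatever follows it or faulting. */
size_t realloc_copy_len_buggy(size_t old_size, size_t new_size)
{
    (void)old_size;
    return new_size;
}

/* The fix: never copy more than the old block actually holds. */
size_t realloc_copy_len(size_t old_size, size_t new_size)
{
    return old_size < new_size ? old_size : new_size;
}

void *toy_realloc(void *p, size_t new_size)
{
    if (!p)
        return toy_malloc(new_size);
    size_t old_size = toy_usable_size(p);
    if (new_size <= old_size)
        return p;   /* shrink in place; a real allocator may split off the tail */
    void *q = toy_malloc(new_size);
    if (!q)
        return NULL;   /* old block stays valid, as realloc requires */
    memcpy(q, p, realloc_copy_len(old_size, new_size));
    toy_free(p);
    return q;
}

/* Grow a 4-byte block holding "abc" to 64 bytes; returns 1 if the prefix
 * survived and the new size was recorded, 0 otherwise. */
int realloc_roundtrip_ok(void)
{
    char *p = toy_malloc(4);
    if (!p)
        return 0;
    memcpy(p, "abc", 4);
    char *q = toy_realloc(p, 64);
    if (!q)
        return 0;
    int ok = toy_usable_size(q) == 64 && memcmp(q, "abc", 4) == 0;
    toy_free(q);
    return ok;
}
```

The overflow test uses `n = 2^(bits-1)` and `size = 2`: the unchecked product wraps to exactly 0 on any width of `size_t`, which is the kind of "allocate nothing, then write a lot" outcome the builtin check prevents.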