The allocate functions can take an extra size in arguments used to allocate some variable extra space at the end of the allocated structure. In the common case this extra size is zero and if not it should be relatively small. In all cases the total size must be smaller than the 'chunking factor' (the size of the block used to do these allocations). However, this total size is not tested and all kinds of interesting failures can be produced if it is too big.

Fix this by adding a test and dying in case of failure.

Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@xxxxxxxxx>
---
 allocate.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/allocate.c b/allocate.c
index 0cc556307..152fa8964 100644
--- a/allocate.c
+++ b/allocate.c
@@ -103,6 +103,8 @@ void *allocate(struct allocator_struct *desc, unsigned int size)
 		struct allocation_blob *newblob = blob_alloc(chunking);
 		if (!newblob)
 			die("out of memory");
+		if (size > chunking)
+			die("alloc too big");
 		desc->total_bytes += chunking;
 		newblob->next = blob;
 		blob = newblob;
-- 
2.17.0
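Review bot: the new size check sits after `blob_alloc(chunking)` has already succeeded, so an oversized request first allocates a full chunk that can never hold it and only then dies; move the `if (size > chunking)` test above the `blob_alloc` call (or to the top of `allocate()`, since `size` and `chunking` are both known on entry) so the failure is reported before any allocation happens. Two smaller points on the same lines: the commit message says the total size "must be smaller than" the chunking factor, while the check only rejects `size > chunking`, so a request of exactly `chunking` bytes is accepted; either is defensible for a blob of that size, but the message and the comparison should agree. And `die("alloc too big")` gives the person debugging it nothing to go on; printing `size` and `chunking` in the message costs one format string and makes the failure self-explanatory.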