
Hi Richard,
On Fri, 2 Aug 2024 at 04:08, Richard Weinberger richard@nod.at wrote:
Since U-Boot does not support memory overcommit, we can enforce that the allocation size is within the malloc area. This is a simple and efficient hardening measure to mitigate further integer overflows in dlmalloc.
Signed-off-by: Richard Weinberger richard@nod.at
common/dlmalloc.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/common/dlmalloc.c b/common/dlmalloc.c index c8d1da1cb1..d264fc031a 100644 --- a/common/dlmalloc.c +++ b/common/dlmalloc.c @@ -1274,7 +1274,8 @@ Void_t* mALLOc_impl(bytes) size_t bytes; return NULL; }
- if ((long)bytes < 0) return NULL;
if (bytes > CONFIG_SYS_MALLOC_LEN || (long)bytes < 0)
return NULL;
nb = request2size(bytes); /* padded request size; */
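Review bot: the `(long)bytes < 0` clause in the new condition is redundant once `bytes > CONFIG_SYS_MALLOC_LEN` precedes it: any size_t with its top bit set is also larger than the arena length, so `if (bytes > CONFIG_SYS_MALLOC_LEN)` alone rejects the same inputs. Keeping it is harmless, but a one-line comment above the check saying that the bound exists to keep the padding in `request2size(bytes)` on the following line from wrapping would help the next reader, since that reasoning currently lives only in the commit message.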
@@ -1687,7 +1688,8 @@ Void_t* rEALLOc_impl(oldmem, bytes) Void_t* oldmem; size_t bytes; } #endif
- if ((long)bytes < 0) return NULL;
if (bytes > CONFIG_SYS_MALLOC_LEN || (long)bytes < 0)
return NULL;
/* realloc of null is supposed to be same as malloc */ if (oldmem == NULL) return mALLOc_impl(bytes);
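Review bot: this is the second verbatim copy of the condition, with a third in the mEMALIGn_impl hunk; consider a small helper such as `static inline bool malloc_size_ok(size_t bytes)` so the bound stays consistent if it is ever tuned. The ordering here is right: the check runs before `if (oldmem == NULL) return mALLOc_impl(bytes);`, so a rejected realloc returns NULL without touching oldmem, which is what realloc's contract requires on failure.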
@@ -1907,7 +1909,8 @@ Void_t* mEMALIGn_impl(alignment, bytes) size_t alignment; size_t bytes; mchunkptr remainder; /* spare room at end to split off */ long remainder_size; /* its size */
- if ((long)bytes < 0) return NULL;
- if (bytes > CONFIG_SYS_MALLOC_LEN || (long)bytes < 0)
return NULL;
#if CONFIG_IS_ENABLED(SYS_MALLOC_F) if (!(gd->flags & GD_FLG_FULL_MALLOC_INIT)) { -- 2.35.3
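Review bot: as rendered, the new condition `if (bytes > CONFIG_SYS_MALLOC_LEN || (long)bytes < 0)` carries a `-` marker like the `if ((long)bytes < 0) return NULL;` line it replaces, so this hunk reads as removing both checks and adding nothing; in the mALLOc_impl and rEALLOc_impl hunks the same line is an addition, so this is presumably a transcription artifact, but the applied patch should be confirmed to have `+` here. Note also that the check sits above the `CONFIG_IS_ENABLED(SYS_MALLOC_F)` / `GD_FLG_FULL_MALLOC_INIT` branch, so requests taken by the pre-relocation allocator are bounded by CONFIG_SYS_MALLOC_LEN as well; if that is intended, the commit message could say so.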
Reviewed-by: Simon Glass sjg@chromium.org
I wonder if we can get away without the memalign() one since it is calling malloc() always? There is still the request2size() though.
Regards, Simon
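To make concrete what the arena bound buys, here is an added example (not code from the patch or from U-Boot) that models dlmalloc's request2size() next to the guard before and after the change. It assumes a target where size_t and long have the same width, uses a 32 MiB arena as a stand-in for CONFIG_SYS_MALLOC_LEN, and takes dlmalloc's 2*SIZE_SZ alignment and 4*SIZE_SZ MINSIZE; all of those constants are assumptions of the example, and the function names `old_guard_rejects`, `new_guard_rejects`, `chunk_size_old` and `chunk_size_new` are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Size bookkeeping modelled on dlmalloc for a target where size_t and long
 * have the same width (LP64 or ILP32). The concrete constants are assumptions
 * of this example, not copied from any particular U-Boot build.
 */
#define SIZE_SZ            sizeof(size_t)
#define MALLOC_ALIGNMENT   (2 * SIZE_SZ)
#define MALLOC_ALIGN_MASK  (MALLOC_ALIGNMENT - 1)
#define MINSIZE            (4 * SIZE_SZ)      /* sizeof(struct malloc_chunk) */

/* Stand-in for CONFIG_SYS_MALLOC_LEN: a 32 MiB arena (assumed value). */
#define SYS_MALLOC_LEN     ((size_t)32 * 1024 * 1024)

/*
 * Smallest request that trips request2size(): it is non-negative as a long,
 * so the old guard accepts it, but adding the header and alignment slack
 * carries the padded value past LONG_MAX.
 */
#define HUGE_REQUEST       ((size_t)LONG_MAX - SIZE_SZ + 1)

/* request2size(): pad a user request with chunk overhead and round it up. */
static size_t request2size(size_t req)
{
	size_t padded = req + (SIZE_SZ + MALLOC_ALIGN_MASK);

	/* Signed compare, as in dlmalloc: a wrapped 'padded' looks tiny here. */
	if ((long)padded < (long)(MINSIZE + MALLOC_ALIGN_MASK))
		return MINSIZE;
	return padded & ~MALLOC_ALIGN_MASK;
}

/* Guard before the patch: rejects only sizes with the top bit set. */
static bool old_guard_rejects(size_t bytes)
{
	return (long)bytes < 0;
}

/* Guard after the patch: also rejects anything the arena could never hold. */
static bool new_guard_rejects(size_t bytes)
{
	return bytes > SYS_MALLOC_LEN || (long)bytes < 0;
}

/*
 * Chunk size malloc would carve for 'bytes' under each guard, or 0 when the
 * guard rejects the request. Under the old guard a request near LONG_MAX
 * collapses to MINSIZE: the caller believes it owns gigabytes while dlmalloc
 * has handed out a minimum-size chunk.
 */
static size_t chunk_size_old(size_t bytes)
{
	return old_guard_rejects(bytes) ? 0 : request2size(bytes);
}

static size_t chunk_size_new(size_t bytes)
{
	return new_guard_rejects(bytes) ? 0 : request2size(bytes);
}

int main(void)
{
	/* Constructed sample requests: small, just over the arena, and huge. */
	const size_t requests[] = {
		0, 24, 4096, SYS_MALLOC_LEN + 1, HUGE_REQUEST, (size_t)-1
	};
	size_t i;

	printf("%-22s %-20s %-20s\n", "request", "chunk (old guard)",
	       "chunk (new guard)");
	for (i = 0; i < sizeof(requests) / sizeof(requests[0]); i++)
		printf("%#-22zx %#-20zx %#-20zx\n", requests[i],
		       chunk_size_old(requests[i]), chunk_size_new(requests[i]));
	return 0;
}
```

Running it shows the failure the patch is after: a request of LONG_MAX - SIZE_SZ + 1 passes `(long)bytes < 0`, but request2size()'s signed comparison sees the padded value wrap and returns MINSIZE. The arena bound rejects it before that arithmetic runs, and because any value with the top bit set is necessarily larger than the arena, the bound alone also covers everything the sign check did. The model stops at request2size(); memalign's own padding and the malloc() it calls are not modelled here.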