This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] PR other/54411: libiberty: objalloc_alloc integer overflows (CVE-2012-3509)

From: Florian Weimer <fweimer at redhat dot com>
To: Ian Lance Taylor <iant at google dot com>
Cc: gcc-patches at gcc dot gnu dot org
Date: Tue, 18 Sep 2012 10:35:06 +0200
Subject: Re: [PATCH] PR other/54411: libiberty: objalloc_alloc integer overflows (CVE-2012-3509)
References: <876281zjr0.fsf@mid.deneb.enyo.de> <CAKOQZ8x-pM48K5Uo9Bq_wf4EuKzhjwK5H=qhVUh4FyEa2JKGNA@mail.gmail.com> <5056F210.7060404@redhat.com> <CAKOQZ8xcEMTYTqRMXQOcyw2AwgZC+cNokJOC1=oV5_k-t1Rn1w@mail.gmail.com>

On 09/17/2012 05:59 PM, Ian Lance Taylor wrote:

Fair enough. I've added a wraparound check to the macro. Okay for trunk?
  {
+  unsigned long len = original_len;
    /* We avoid confusion from zero sized objects by always allocating
       at least 1 byte.  */
Please add a blank line after the variable declaration.
-     (__len <= __o->current_space					\
+     (__len && __len <= __o->current_space				\
Please write __len != 0 or len > 0.

This is OK with those changes.

Thanks, committed with these changes.

--
Florian Weimer / Red Hat Product Security Team

References:
- Re: [PATCH] PR other/54411: libiberty: objalloc_alloc integer overflows (CVE-2012-3509)
  - From: Ian Lance Taylor
- Re: [PATCH] PR other/54411: libiberty: objalloc_alloc integer overflows (CVE-2012-3509)
  - From: Florian Weimer
- Re: [PATCH] PR other/54411: libiberty: objalloc_alloc integer overflows (CVE-2012-3509)
  - From: Ian Lance Taylor

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]