This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[PATCH, libfortran] Backport xmallocarray to 4.8/4.9 (CVE-2014-5044)


Hi,

a while ago I committed a patch to trunk adding a function
xmallocarray to libgfortran, which is a malloc wrapper like xmalloc
but has two arguments and does an overflow check before multiplying
them together.

https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721

Originally I had no intentions of backporting this functionality to
release branches, but subsequently Florian Weimer thought it was
important enough to warrant a CVE number (CVE-2014-5044), so after
some private discussions with Tobias and Jerry we agreed to backport.

http://seclists.org/oss-sec/2014/q3/230

https://gcc.gnu.org/ml/gcc-cvs/2014-07/msg01136.html

https://gcc.gnu.org/ml/gcc-cvs/2014-07/msg01135.html


-- 
Janne Blomqvist


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]