This is the mail archive of the
mailing list for the GCC project.
[PATCH, libfortran] Backport xmallocarray to 4.8/4.9 (CVE-2014-5044)
- From: Janne Blomqvist <blomqvist dot janne at gmail dot com>
- To: GCC Patches <gcc-patches at gcc dot gnu dot org>, Fortran List <fortran at gcc dot gnu dot org>
- Date: Thu, 31 Jul 2014 23:32:12 +0300
- Subject: [PATCH, libfortran] Backport xmallocarray to 4.8/4.9 (CVE-2014-5044)
- Authentication-results: sourceware.org; auth=none
a while ago I committed a patch to trunk adding a function
xmallocarray to libgfortran, which is a malloc wrapper like xmalloc
but has two arguments and does an overflow check before multiplying
Originally I had no intentions of backporting this functionality to
release branches, but subsequently Florian Weimer thought it was
important enough to warrant a CVE number (CVE-2014-5044), so after
some private discussions with Tobias and Jerry we agreed to backport.