Author: greatlrd
Date: Sat Jun 3 21:18:09 2006
New Revision: 22196
URL:
http://svn.reactos.ru/svn/reactos?rev=22196&view=rev
Log:
Fix overflow calculation bugs in various memory functions. Thanks to Elrond (from TNG) on IRC for
fixing the calloc overflow bug.
Modified:
trunk/reactos/lib/crt/stdlib/malloc.c
Modified: trunk/reactos/lib/crt/stdlib/malloc.c
URL:
http://svn.reactos.ru/svn/reactos/trunk/reactos/lib/crt/stdlib/malloc.c?rev…
==============================================================================
--- trunk/reactos/lib/crt/stdlib/malloc.c (original)
+++ trunk/reactos/lib/crt/stdlib/malloc.c Sat Jun 3 21:18:09 2006
@@ -36,10 +36,17 @@
*/
void* malloc(size_t _size)
{
+ size_t nSize;
+
if ( _size == 0)
return NULL;
-
- return HeapAlloc(hHeap, 0, ROUND_SIZE(_size));
+
+ nSize = ROUND_SIZE(_size);
+
+ if (nSize<_size)
+ return NULL;
+
+ return HeapAlloc(hHeap, 0, nSize);
}
/*
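Review bot: The `if (nSize<_size)` guard added in malloc carries no comment explaining why a rounded size smaller than the request means failure, and the same uncommented check is repeated in the realloc and _expand hunks. ROUND_SIZE is defined outside this diff, so a reader cannot confirm from here that the test is catching unsigned wrap-around for requests close to the largest size_t, which is presumably the intent. I would add `/* ROUND_SIZE() can wrap when _size is near the size_t maximum; a smaller result means overflow */` above the check. Since the three functions now carry identical round-and-check code, one static helper would keep the guards from drifting apart.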
@@ -54,11 +61,14 @@
* @implemented
*/
void* calloc(size_t _nmemb, size_t _size)
-{
- if ( _size == 0)
- return NULL;
-
- return HeapAlloc(hHeap, HEAP_ZERO_MEMORY, ROUND_SIZE(_nmemb*_size) );
+{
+ size_t nSize = _nmemb * _size;
+ size_t cSize = ROUND_SIZE(nSize);
+
+ if ((_nmemb > ((size_t)-1 / _size) || (nSize == 0) || (cSize<nSize))
+ return NULL;
+
+ return HeapAlloc(hHeap, HEAP_ZERO_MEMORY, cSize );
}
/*
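Review bot: The new condition in calloc divides by `_size` before anything rules out zero, so `calloc(n, 0)` evaluates `(size_t)-1 / 0`, which is undefined behaviour and typically a divide fault; the removed code returned NULL for that case. As shown on this page the parentheses on that line also do not balance (one more `(` than `)`), so it may not compile as written. Testing zero first addresses both: `if (_size == 0 || _nmemb > (size_t)-1 / _size || nSize == 0 || cSize < nSize)`. Computing `nSize` before the check is fine, because size_t multiplication wraps rather than overflowing.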
@@ -66,11 +76,18 @@
*/
void* realloc(void* _ptr, size_t _size)
{
+ size_t nSize;
+
if ( _size == 0)
return NULL;
-
+
+ nSize = ROUND_SIZE(_size);
+
+ if (nSize<_size)
+ return NULL;
+
if (!_ptr) return malloc(_size);
- if (_size) return HeapReAlloc(hHeap, 0, _ptr, ROUND_SIZE(_size));
+ if (_size) return HeapReAlloc(hHeap, 0, _ptr, nSize);
free(_ptr);
return NULL;
}
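Review bot: In realloc the early `if ( _size == 0) return NULL;` makes the `if (_size)` test on the changed HeapReAlloc line always true, so the trailing `free(_ptr); return NULL;` can never run and `realloc(ptr, 0)` returns NULL without releasing the block. That early return is context the commit leaves in place, but the new overflow check sits behind it and keeps the dead path. If freeing on a zero size is the intended behaviour, the first test could become `if (_size == 0) { free(_ptr); return NULL; }`, the changed line a plain `return HeapReAlloc(hHeap, 0, _ptr, nSize);`, and the last two statements dropped. Whether `free` in this file accepts a NULL pointer is not visible in the diff and should be confirmed first.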
@@ -80,10 +97,17 @@
*/
void* _expand(void* _ptr, size_t _size)
{
+ size_t nSize;
+
if ( _size == 0)
return NULL;
+
+ nSize = ROUND_SIZE(_size);
+
+ if (nSize<_size)
+ return NULL;
- return HeapReAlloc(hHeap, HEAP_REALLOC_IN_PLACE_ONLY, _ptr, ROUND_SIZE(_size));
+ return HeapReAlloc(hHeap, HEAP_REALLOC_IN_PLACE_ONLY, _ptr, nSize);
}
/*