Author: greatlrd Date: Sat Jun 3 21:18:09 2006 New Revision: 22196
URL: http://svn.reactos.ru/svn/reactos?rev=22196&view=rev Log: Fix overflow calculation bugs in various memory functions. Thanks to Elrond (from TNG) on IRC for fixing the calloc overflow bug.
Modified: trunk/reactos/lib/crt/stdlib/malloc.c
Modified: trunk/reactos/lib/crt/stdlib/malloc.c URL: http://svn.reactos.ru/svn/reactos/trunk/reactos/lib/crt/stdlib/malloc.c?rev=... ============================================================================== --- trunk/reactos/lib/crt/stdlib/malloc.c (original) +++ trunk/reactos/lib/crt/stdlib/malloc.c Sat Jun 3 21:18:09 2006 @@ -36,10 +36,17 @@ */ void* malloc(size_t _size) { + size_t nSize; + if ( _size == 0) return NULL; - - return HeapAlloc(hHeap, 0, ROUND_SIZE(_size)); + + nSize = ROUND_SIZE(_size); + + if (nSize<_size) + return NULL; + + return HeapAlloc(hHeap, 0, nSize); }
/* @@ -54,11 +61,14 @@ * @implemented */ void* calloc(size_t _nmemb, size_t _size) -{ - if ( _size == 0) - return NULL; - - return HeapAlloc(hHeap, HEAP_ZERO_MEMORY, ROUND_SIZE(_nmemb*_size) ); +{ + size_t nSize = _nmemb * _size; + size_t cSize = ROUND_SIZE(nSize); + + if ((_nmemb > ((size_t)-1 / _size) || (nSize == 0) || (cSize<nSize)) + return NULL; + + return HeapAlloc(hHeap, HEAP_ZERO_MEMORY, cSize ); }
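Review bot: In the malloc hunk, `if (nSize<_size) return NULL;` has no comment saying what it guards against, and the same bare check is repeated in the realloc and _expand hunks. It is only correct if ROUND_SIZE rounds up and can fail solely by wrapping past the top of size_t; the macro is defined outside this diff, so that is presumed rather than shown. I would add `/* ROUND_SIZE() wraps for sizes near the size_t maximum; fail the request rather than hand back a block smaller than the caller asked for */` above the check in all three functions.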
/* @@ -66,11 +76,18 @@ */ void* realloc(void* _ptr, size_t _size) { + size_t nSize; + if ( _size == 0) return NULL; - + + nSize = ROUND_SIZE(_size); + + if (nSize<_size) + return NULL; + if (!_ptr) return malloc(_size); - if (_size) return HeapReAlloc(hHeap, 0, _ptr, ROUND_SIZE(_size)); + if (_size) return HeapReAlloc(hHeap, 0, _ptr, nSize); free(_ptr); return NULL; } @@ -80,10 +97,17 @@ */ void* _expand(void* _ptr, size_t _size) { + size_t nSize; + if ( _size == 0) return NULL; + + nSize = ROUND_SIZE(_size); + + if (nSize<_size) + return NULL;
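Review bot: In the calloc hunk, the new condition evaluates `(size_t)-1 / _size` before anything rules out `_size == 0`; the old `_size == 0` early return was removed, so calloc(n, 0) now divides by zero. As rendered here the condition also has one more `(` than `)`, which may be an extraction artifact but would not compile as shown. Test the zero case first, e.g. `if (_size == 0 || _nmemb > (size_t)-1 / _size || nSize == 0 || cSize < nSize)`; short-circuit evaluation then keeps the division safe. The unsigned multiplication in the initialiser may wrap, but that is well defined and the wrapped value is rejected by this check before it is used.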
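Review bot: In the realloc hunk, the rewritten line `if (_size) return HeapReAlloc(hHeap, 0, _ptr, nSize);` still tests a value that cannot be zero, because the function already returns NULL for `_size == 0` at the top. The trailing `free(_ptr); return NULL;` is therefore unreachable, and realloc(p, 0) returns NULL without releasing p. If a zero-size realloc is meant to free the block, handle it in the early return, e.g. `if (_size == 0) { free(_ptr); return NULL; }` (assuming this file's free accepts NULL); otherwise drop the dead test and the unreachable free. Returning NULL from the new wrap check while leaving `_ptr` allocated is fine, since a failed realloc is expected to keep the original block.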
- return HeapReAlloc(hHeap, HEAP_REALLOC_IN_PLACE_ONLY, _ptr, ROUND_SIZE(_size)); + return HeapReAlloc(hHeap, HEAP_REALLOC_IN_PLACE_ONLY, _ptr, nSize); }
/*