Changeset 4150


Timestamp:
Dec 20, 2009, 1:24:41 PM (11 years ago)
Author:
Sam Hocevar
Message:

Avoid overlapping regions in our realloc's memcpy call.

File:
1 edited

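--- a/zzuf/trunk/src/libzzuf/lib-mem.c
+++ b/zzuf/trunk/src/libzzuf/lib-mem.c
@@ -141,4 +141,9 @@
     if(!ORIG(calloc))
     {
+        /* Store the chunk length just before the buffer we'll return */
+        size_t lsize = size;
+        memcpy(dummy_buffer + dummy_offset, &lsize, sizeof(size_t));
+        dummy_offset++;
+
         ret = dummy_buffer + dummy_offset;
         memset(ret, 0, nmemb * size);
@@ -159,4 +164,8 @@
     if(!ORIG(malloc))
     {
+        /* Store the chunk length just before the buffer we'll return */
+        memcpy(dummy_buffer + dummy_offset, &size, sizeof(size_t));
+        dummy_offset++;
+
         ret = dummy_buffer + dummy_offset;
         dummy_offset += (size + DUMMY_ALIGNMENT - 1) / DUMMY_ALIGNMENT;
@@ -192,10 +201,16 @@
         || ((uintptr_t)ptr >= DUMMY_START && (uintptr_t)ptr < DUMMY_STOP))
     {
+        size_t oldsize;
+
+        /* Store the chunk length just before the buffer we'll return */
+        memcpy(dummy_buffer + dummy_offset, &size, sizeof(size_t));
+        dummy_offset++;
+
         ret = dummy_buffer + dummy_offset;
-        /* XXX: If ptr is NULL, we don't copy anything. If it is non-NULL, we
-         * copy everything even if it is too big, we don't have anything to
-         * overflow really. */
-        if(ptr)
-            memcpy(ret, ptr, size);
+        if ((uintptr_t)ptr >= DUMMY_START && (uintptr_t)ptr < DUMMY_STOP)
+            memcpy(&oldsize, (DUMMY_TYPE *)ptr - 1, sizeof(size_t));
+        else
+            oldsize = 0;
+        memcpy(ret, ptr, size < oldsize ? size : oldsize);
         dummy_offset += (size + DUMMY_ALIGNMENT - 1) / DUMMY_ALIGNMENT;
         debug("%s(%p, %li) = %p", __func__, ptr, (long int)size, ret);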
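Review bot: The calloc hunk records `size` as the chunk length (`size_t lsize = size;`) while the memset two lines below zeroes `nmemb * size` bytes, so a later realloc of a calloc'd dummy chunk reads back the element size as the old length and copies only `size` bytes, silently truncating the contents; it should be `size_t lsize = nmemb * size;`. In the realloc hunk, when ptr is NULL or outside the dummy region oldsize is 0 and the new copy becomes `memcpy(ret, NULL, 0)`, which the C standard leaves undefined even for a zero length; writing it as `if (oldsize) memcpy(ret, ptr, size < oldsize ? size : oldsize);` avoids that and keeps the old "NULL copies nothing" contract explicit. All three hunks write the length with `memcpy(..., &size, sizeof(size_t))` and skip it with a single `dummy_offset++`, which presumably relies on one DUMMY_TYPE slot being at least sizeof(size_t) bytes — the definition is not in the hunk, so a comment such as `/* assumes sizeof(DUMMY_TYPE) >= sizeof(size_t) */` next to the first header write would document the invariant. The bodies of calloc, malloc and realloc all start and end outside these hunks.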