gcc-4.7-source 4.7.4-3ubuntu12 / usr / src / gcc-4.7 / debian / patches / pr54411.diff

This file is indexed.

/usr/src/gcc-4.7/debian/patches/pr54411.diff is in gcc-4.7-source 4.7.4-3ubuntu12.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# DP: Fix PR other/54411, libiberty: objalloc_alloc integer overflows (CVE-2012-3509)

include/

2012-09-18  Florian Weimer  <fweimer@redhat.com>

	PR other/54411
	* objalloc.h (objalloc_alloc): Do not use fast path on wraparound.

libiberty/

2012-09-18  Florian Weimer  <fweimer@redhat.com>

	PR other/54411
	* objalloc.c (_objalloc_alloc): Add overflow check covering
	alignment and CHUNK_HEADER_SIZE addition.

 
Index: include/objalloc.h
===================================================================
--- a/src/include/objalloc.h	(Revision 191412)
+++ b/src/include/objalloc.h	(Revision 191413)
@@ -1,5 +1,5 @@
 /* objalloc.h -- routines to allocate memory for objects
-   Copyright 1997, 2001 Free Software Foundation, Inc.
+   Copyright 1997-2012 Free Software Foundation, Inc.
    Written by Ian Lance Taylor, Cygnus Solutions.
 
 This program is free software; you can redistribute it and/or modify it
@@ -91,7 +91,7 @@
      if (__len == 0)							\
        __len = 1;							\
      __len = (__len + OBJALLOC_ALIGN - 1) &~ (OBJALLOC_ALIGN - 1);	\
-     (__len <= __o->current_space					\
+     (__len != 0 && __len <= __o->current_space				\
       ? (__o->current_ptr += __len,					\
 	 __o->current_space -= __len,					\
 	 (void *) (__o->current_ptr - __len))				\
Index: libiberty/objalloc.c
===================================================================
--- a/src/libiberty/objalloc.c	(Revision 191412)
+++ b/src/libiberty/objalloc.c	(Revision 191413)
@@ -1,5 +1,5 @@
 /* objalloc.c -- routines to allocate memory for objects
-   Copyright 1997 Free Software Foundation, Inc.
+   Copyright 1997-2012 Free Software Foundation, Inc.
    Written by Ian Lance Taylor, Cygnus Solutions.
 
 This program is free software; you can redistribute it and/or modify it
@@ -112,8 +112,10 @@
 /* Allocate space from an objalloc structure.  */
 
 PTR
-_objalloc_alloc (struct objalloc *o, unsigned long len)
+_objalloc_alloc (struct objalloc *o, unsigned long original_len)
 {
+  unsigned long len = original_len;
+
   /* We avoid confusion from zero sized objects by always allocating
      at least 1 byte.  */
   if (len == 0)
@@ -121,6 +123,11 @@
 
   len = (len + OBJALLOC_ALIGN - 1) &~ (OBJALLOC_ALIGN - 1);
 
+  /* Check for overflow in the alignment operation above and the
+     malloc argument below. */
+  if (len + CHUNK_HEADER_SIZE < original_len)
+    return NULL;
+
   if (len <= o->current_space)
     {
       o->current_ptr += len;

APT Browse - Built by Thomas Orozco.