Fix umm_malloc()

cesanta · Jan 6, 2021 · b338266 · b338266
1 parent e17ecd9
commit b338266
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 37 deletions.
diff --git a/src/umm_malloc/test/Makefile b/src/umm_malloc/test/Makefile
@@ -1,49 +1,18 @@
-
+CFLAGS ?= -W -Wall -I.. -I.
 all: test test_poison test_integrity test_poison_integrity test_poison_integrity_onfree
 
-INCDIRS = -I.. -I.
-
 test:
-	@echo NORMAL
-	gcc --std=c99 $(CFLAGS) $(INCDIRS) -g3 -m32 \
-	  ../umm_malloc.c umm_malloc_test.c \
-		-o test_umm
-	./test_umm
+	$(CC) $(CFLAGS) ../umm_malloc.c umm_malloc_test.c -o test_umm && ./test_umm
 
 test_poison:
-	@echo POISON
-	gcc --std=c99 $(CFLAGS) $(INCDIRS) \
-    -DUMM_POISON \
-    -DUMM_DISABLE_VERBOSE_INTEGRITY_CHECK -g3 -m32 \
-    ../umm_malloc.c umm_malloc_test.c \
-    -o test_umm
-	./test_umm
+	$(CC) $(CFLAGS) -DUMM_POISON -DUMM_DISABLE_VERBOSE_INTEGRITY_CHECK ../umm_malloc.c umm_malloc_test.c -o test_umm && ./test_umm
 
 test_integrity:
-	@echo INTEGRITY
-	gcc --std=c99 $(CFLAGS) $(INCDIRS) \
-    -DUMM_INTEGRITY_CHECK \
-    -DUMM_DISABLE_VERBOSE_INTEGRITY_CHECK -g3 -m32 \
-    ../umm_malloc.c umm_malloc_test.c \
-    -o test_umm
-	./test_umm
+	$(CC) $(CFLAGS) -DUMM_POISON -DUMM_INTEGRITY_CHECK -DUMM_DISABLE_VERBOSE_INTEGRITY_CHECK ../umm_malloc.c umm_malloc_test.c -o test_umm && ./test_umm
 
 test_poison_integrity:
-	@echo POISON + INTEGRITY
-	gcc --std=c99 $(CFLAGS) $(INCDIRS) \
-    -DUMM_POISON -DUMM_INTEGRITY_CHECK \
-    -DUMM_DISABLE_VERBOSE_INTEGRITY_CHECK -g3 -m32 \
-    ../umm_malloc.c umm_malloc_test.c \
-    -o test_umm
-	./test_umm
+	$(CC) $(CFLAGS) -DUMM_POISON -DUMM_INTEGRITY_CHECK -'DUMM_ONFREE(ptr, size)=memset(ptr, 0xff, size)' -DUMM_DISABLE_VERBOSE_INTEGRITY_CHECK  -DUMM_DISABLE_VERBOSE_INTEGRITY_CHECK ../umm_malloc.c umm_malloc_test.c -o test_umm && ./test_umm
 
 test_poison_integrity_onfree:
-	@echo POISON + INTEGRITY
-	gcc --std=c99 $(CFLAGS) $(INCDIRS) \
-    -DUMM_POISON -DUMM_INTEGRITY_CHECK \
-    -'DUMM_ONFREE(ptr, size)=memset(ptr, 0xff, size)' \
-    -DUMM_DISABLE_VERBOSE_INTEGRITY_CHECK -g3 -m32 \
-    ../umm_malloc.c umm_malloc_test.c \
-    -o test_umm
-	./test_umm
+	$(CC) $(CFLAGS) -DUMM_INTEGRITY_CHECK -DUMM_DISABLE_VERBOSE_INTEGRITY_CHECK ../umm_malloc.c umm_malloc_test.c -o test_umm && ./test_umm
 
diff --git a/src/umm_malloc/test/umm_malloc_test.c b/src/umm_malloc/test/umm_malloc_test.c
@@ -321,6 +321,9 @@ int main(void) {
   TRY(test_poison());
 #endif
 
+  // Check for integer overflows
+  TRY(umm_malloc((size_t) ~0) == NULL);
+
   TRY(random_stress());
   TRY(test_oom_random());
 

diff --git a/src/umm_malloc/umm_malloc.c b/src/umm_malloc/umm_malloc.c
@@ -489,6 +489,7 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <stdint.h>
 
 #include "umm_malloc.h"
 #include "umm_malloc_internal.h"
@@ -1699,6 +1700,7 @@ void *umm_malloc( size_t size ) {
   if (!INTEGRITY_CHECK()) {
     return NULL;
   }
+  if (POISON_SIZE(size) >= SIZE_MAX - size) return NULL;  // Overflow
 
   size += POISON_SIZE(size);
 
@@ -1727,6 +1729,7 @@ void *umm_calloc( size_t num, size_t item_size ) {
     return NULL;
   }
 
+  if (POISON_SIZE(size) >= SIZE_MAX - size) return NULL;  // Overflow
   size += POISON_SIZE(size);
   ret = _umm_malloc(size);
   if (ret != NULL) memset(ret, 0x00, size);
@@ -1755,6 +1758,7 @@ void *umm_realloc( void *ptr, size_t size ) {
     return NULL;
   }
 
+  if (POISON_SIZE(size) >= SIZE_MAX - size) return NULL;  // Overflow
   size += POISON_SIZE(size);
   ret = _umm_realloc( ptr, size );