claunia/flac
1
0
Fork 0
mirror of https://github.com/claunia/flac.git synced 2025-12-16 18:54:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

extra checking on memory allocation sizes to prevent a class of overflow attacks

Browse Source
This commit is contained in:
Josh Coalson
2007-09-11 04:49:56 +00:00
parent 0221d87c89
commit 0f008d2e9e
26 changed files with 234 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/libFLAC/memory.c
View File

@@ -35,6 +35,7 @@
#include "private/memory.h"
#include "FLAC/assert.h"
#include "share/alloc.h"
void *FLAC__memory_alloc_aligned(size_t bytes, void **aligned_address)
{
@@ -44,7 +45,7 @@ void *FLAC__memory_alloc_aligned(size_t bytes, void **aligned_address)
#ifdef FLAC__ALIGN_MALLOC_DATA
/* align on 32-byte (256-bit) boundary */
x = malloc(bytes+31);
x = safe_malloc_add_2op_(bytes, /*+*/31);
#ifdef SIZEOF_VOIDP
#if SIZEOF_VOIDP == 4
/* could do *aligned_address = x + ((unsigned) (32 - (((unsigned)x) & 31))) & 31; */
@@ -64,7 +65,7 @@ void *FLAC__memory_alloc_aligned(size_t bytes, void **aligned_address)
return 0;
#endif
#else
x = malloc(bytes);
x = safe_malloc_(bytes);
*aligned_address = x;
#endif
return x;
@@ -83,7 +84,10 @@ FLAC__bool FLAC__memory_alloc_aligned_int32_array(unsigned elements, FLAC__int32
FLAC__ASSERT(0 != aligned_pointer);
FLAC__ASSERT(unaligned_pointer != aligned_pointer);
pu = (FLAC__int32*)FLAC__memory_alloc_aligned(sizeof(FLAC__int32) * elements, &u.pv);
if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */
return false;
pu = (FLAC__int32*)FLAC__memory_alloc_aligned(sizeof(*pu) * (size_t)elements, &u.pv);
if(0 == pu) {
return false;
}
@@ -109,7 +113,10 @@ FLAC__bool FLAC__memory_alloc_aligned_uint32_array(unsigned elements, FLAC__uint
FLAC__ASSERT(0 != aligned_pointer);
FLAC__ASSERT(unaligned_pointer != aligned_pointer);
pu = (FLAC__uint32*)FLAC__memory_alloc_aligned(sizeof(FLAC__uint32) * elements, &u.pv);
if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */
return false;
pu = (FLAC__uint32*)FLAC__memory_alloc_aligned(sizeof(*pu) * elements, &u.pv);
if(0 == pu) {
return false;
}
@@ -135,7 +142,10 @@ FLAC__bool FLAC__memory_alloc_aligned_uint64_array(unsigned elements, FLAC__uint
FLAC__ASSERT(0 != aligned_pointer);
FLAC__ASSERT(unaligned_pointer != aligned_pointer);
pu = (FLAC__uint64*)FLAC__memory_alloc_aligned(sizeof(FLAC__uint64) * elements, &u.pv);
if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */
return false;
pu = (FLAC__uint64*)FLAC__memory_alloc_aligned(sizeof(*pu) * elements, &u.pv);
if(0 == pu) {
return false;
}
@@ -161,7 +171,10 @@ FLAC__bool FLAC__memory_alloc_aligned_unsigned_array(unsigned elements, unsigned
FLAC__ASSERT(0 != aligned_pointer);
FLAC__ASSERT(unaligned_pointer != aligned_pointer);
pu = (unsigned*)FLAC__memory_alloc_aligned(sizeof(unsigned) * elements, &u.pv);
if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */
return false;
pu = (unsigned*)FLAC__memory_alloc_aligned(sizeof(*pu) * elements, &u.pv);
if(0 == pu) {
return false;
}
@@ -189,7 +202,10 @@ FLAC__bool FLAC__memory_alloc_aligned_real_array(unsigned elements, FLAC__real *
FLAC__ASSERT(0 != aligned_pointer);
FLAC__ASSERT(unaligned_pointer != aligned_pointer);
pu = (FLAC__real*)FLAC__memory_alloc_aligned(sizeof(FLAC__real) * elements, &u.pv);
if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */
return false;
pu = (FLAC__real*)FLAC__memory_alloc_aligned(sizeof(*pu) * elements, &u.pv);
if(0 == pu) {
return false;
}