Catch some cases where asking for ridiculously large allocations could

result in a segfault. Instead just return NULL.
author: phk <phk@FreeBSD.org> 2003-01-30 15:00:17 +0000
committer: phk <phk@FreeBSD.org> 2003-01-30 15:00:17 +0000
commit: b6af7801e26782a206a12fb1b8ef80a32c43e279 (patch)
tree: 2d89dd8222c5d7304aedd88ddb135f671cf370d2 /lib/libc
parent: dad105a8d9ddaa78b6a2972c87584324661593f3 (diff)
download: FreeBSD-src-b6af7801e26782a206a12fb1b8ef80a32c43e279.zip
FreeBSD-src-b6af7801e26782a206a12fb1b8ef80a32c43e279.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c
index 3cd58f7..2f89030 100644
--- a/lib/libc/stdlib/malloc.c
+++ b/lib/libc/stdlib/malloc.c
@@ -326,6 +326,8 @@ map_pages(size_t pages)
 
     result = (caddr_t)pageround((u_long)sbrk(0));
     tail = result + (pages << malloc_pageshift);
+    if (tail < result)
+	return 0;
 
     if (brk(tail)) {
 #ifdef EXTRA_SANITY
@@ -745,6 +747,8 @@ imalloc(size_t size)
 
     if ((size + malloc_pagesize) < size)	/* Check for overflow */
 	result = 0;
+    else if ((size + malloc_pagesize) >= (uintptr_t)page_dir)
+	result = 0;
     else if (size <= malloc_maxsize)
 	result =  malloc_bytes(size);
     else
author	phk <phk@FreeBSD.org>	2003-01-30 15:00:17 +0000
committer	phk <phk@FreeBSD.org>	2003-01-30 15:00:17 +0000
commit	b6af7801e26782a206a12fb1b8ef80a32c43e279 (patch)
tree	2d89dd8222c5d7304aedd88ddb135f671cf370d2 /lib/libc
parent	dad105a8d9ddaa78b6a2972c87584324661593f3 (diff)
download	FreeBSD-src-b6af7801e26782a206a12fb1b8ef80a32c43e279.zip FreeBSD-src-b6af7801e26782a206a12fb1b8ef80a32c43e279.tar.gz