[PATCH 3/4] dlmalloc: Fix integer overflow in sbrk()
Tom Rini
trini at konsulko.com
Wed Aug 7 03:56:21 CEST 2024
On Tue, Aug 06, 2024 at 03:50:41PM -0600, Simon Glass wrote:
> On Fri, 2 Aug 2024 at 04:08, Richard Weinberger <richard at nod.at> wrote:
> >
> > Make sure that the new break is within mem_malloc_start
> > and mem_malloc_end before making progress.
> > ulong new = old + increment; can overflow for extremely large
> > increment values and memset() can get wrongly called.
> >
> > Signed-off-by: Richard Weinberger <richard at nod.at>
> > ---
> > common/dlmalloc.c | 6 +++---
> > 1 file changed, 3 insertions(+), 3 deletions(-)
>
> Reviewed-by: Simon Glass <sjg at chromium.org>
>
> Should we update dlmalloc to the new version?
A worthy but non-trivial goal, I think.
--
Tom
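
The overflow described in the quoted commit message, as an added example that is not part of this thread and is not U-Boot's code: a hardened sbrk() model that validates the move before touching memory. The 256-byte pool, the uintptr_t types, and the names pool_init, brk_move_ok, checked_sbrk and new_brk are assumptions made for illustration; it also assumes ptrdiff_t and uintptr_t have the same width.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed 256-byte pool standing in for the malloc arena (assumption). */
static unsigned char arena[256];
static uintptr_t mem_malloc_start, mem_malloc_end, mem_malloc_brk;

static void pool_init(void)
{
	mem_malloc_start = (uintptr_t)arena;
	mem_malloc_end = mem_malloc_start + sizeof(arena);
	mem_malloc_brk = mem_malloc_start;
}

/* Decide whether old + increment stays in [start, end] without computing a sum that can wrap. */
static int brk_move_ok(uintptr_t old, ptrdiff_t increment)
{
	if (increment >= 0)
		return (uintptr_t)increment <= mem_malloc_end - old;
	/* Magnitude of a negative increment; well defined even for PTRDIFF_MIN. */
	return (uintptr_t)0 - (uintptr_t)increment <= old - mem_malloc_start;
}

/* Hypothetical hardened sbrk(): range check first, memset() only afterwards. */
static void *checked_sbrk(ptrdiff_t increment)
{
	uintptr_t old = mem_malloc_brk;
	uintptr_t new_brk;

	if (!brk_move_ok(old, increment))
		return (void *)-1;	/* conventional sbrk() failure value */

	new_brk = old + (uintptr_t)increment;	/* cannot wrap: range verified above */
	if (increment < 0)
		memset((void *)new_brk, 0, old - new_brk);	/* clear memory being returned */
	mem_malloc_brk = new_brk;
	return (void *)old;
}

int main(void)
{
	pool_init();
	checked_sbrk(64);
	return checked_sbrk(PTRDIFF_MIN) == (void *)-1 ? 0 : 1;	/* huge request refused */
}
```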