Dear giflib developers,
I've started working on initial hardening of the memory allocation for giflib.
I imported OpenBSD's reallocarray(), which has a useful check for overflows.
Please see:
https://github.com/AstrodogInc/secfu/blob/master/giflib/giflib.patch
From OpenBSD's man page:

    The above test is not sufficient in all cases. For example,
    multiplying ints requires a different set of checks:

        int num, size;
        ...
        /* Avoid invalid requests */
        if (size < 0 || num < 0)
                errc(1, EOVERFLOW, "overflow");
        /* Check for signed int overflow */
        if (size && num > INT_MAX / size)
                errc(1, EOVERFLOW, "overflow");
        if ((p = malloc(size * num)) == NULL)
                err(1, "malloc");

    Assuming the implementation checks for integer overflow as OpenBSD
    does, it is much easier to use calloc() or reallocarray().
    The above examples could be simplified to:

        if ((p = reallocarray(NULL, num, size)) == NULL)
                err(1, "reallocarray");
I have converted 2 calls to reallocarray() (Thanks to
bc...@op... for reviewing my diff).
I can start looking at other areas that will benefit from
reallocarray(), if there is interest upstream-wise.
Are you guys interested in this?
Kind regards,
//Logan
C-x-C-c
--
This message is strictly personal and the opinions expressed do not
represent those of my employers, either past or present.
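The following is an added example, not part of the message above or of the linked giflib patch. It shows the two overflow checks the man page excerpt describes side by side: a size_t multiplication guard in the style of OpenBSD's reallocarray() (the `MUL_NO_OVERFLOW` shortcut is the one OpenBSD uses; the function is named `checked_reallocarray` here only to avoid clashing with the libc symbol), and the signed-int check the man page gives for code that still counts in `int`. `naive_request` exists purely to make the wrapped product visible next to the guarded result.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* If both operands are below 2^(bits/2) the product cannot overflow,
 * so the (comparatively slow) division is skipped in the common case.
 * This is the same shortcut OpenBSD's reallocarray() uses. */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

/* Returns 1 if nmemb * size would wrap a size_t, 0 otherwise. */
int mul_overflows(size_t nmemb, size_t size)
{
    if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
        nmemb > 0 && SIZE_MAX / nmemb < size)
        return 1;
    return 0;
}

/* reallocarray()-style wrapper: refuses the request instead of
 * silently allocating a tiny buffer when the product wraps. */
void *checked_reallocarray(void *optr, size_t nmemb, size_t size)
{
    if (mul_overflows(nmemb, size)) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(optr, nmemb * size);
}

/* The man page's signed-int variant, for callers that count in int
 * (as older C code frequently does): negative operands are invalid,
 * and num > INT_MAX / size means num * size would overflow. */
int int_mul_overflows(int num, int size)
{
    if (size < 0 || num < 0)
        return 1;
    if (size && num > INT_MAX / size)
        return 1;
    return 0;
}

/* What an unguarded malloc(nmemb * size) would actually request. */
size_t naive_request(size_t nmemb, size_t size)
{
    return nmemb * size;
}

int main(void)
{
    /* Constructed input: (SIZE_MAX/2 + 1) * 2 == 2^bits, which wraps to 0. */
    size_t nmemb = SIZE_MAX / 2 + 1, size = 2;

    printf("naive product: %zu bytes\n", naive_request(nmemb, size));
    void *p = checked_reallocarray(NULL, nmemb, size);
    printf("checked_reallocarray: %s\n", p ? "allocated" : "refused (ENOMEM)");
    free(p);

    printf("int check INT_MAX*2: %s\n",
           int_mul_overflows(INT_MAX, 2) ? "overflow" : "ok");
    return 0;
}
```

The guarded call fails cleanly with ENOMEM where the naive expression would hand malloc() a zero-byte request and leave every later write out of bounds; that is the whole benefit of routing giflib's count-times-size allocations through one checked helper.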