Overview

File malloc-tcache-check-overflow.patch of Package glibc.10668

2017-11-30  Arjun Shankar  <arjun@redhat.com>

	[BZ #22375]
	CVE-2017-17426
	* malloc/malloc.c (__libc_malloc): Use checked_request2size
	instead of request2size.

Index: glibc-2.26/malloc/malloc.c
===================================================================
--- glibc-2.26.orig/malloc/malloc.c
+++ glibc-2.26/malloc/malloc.c
@@ -3052,7 +3052,8 @@ __libc_malloc (size_t bytes)
     return (*hook)(bytes, RETURN_ADDRESS (0));
 #if USE_TCACHE
   /* int_free also calls request2size, be careful to not pad twice.  */
-  size_t tbytes = request2size (bytes);
+  size_t tbytes;
+  checked_request2size (bytes, tbytes);
   size_t tc_idx = csize2tidx (tbytes);
 
   MAYBE_INIT_TCACHE ();
openSUSE Build Service is sponsored by
Places