File malloc-tcache-check-overflow.patch of Package glibc.14271
2017-11-30 Arjun Shankar <arjun@redhat.com>
[BZ #22375]
CVE-2017-17426
* malloc/malloc.c (__libc_malloc): Use checked_request2size
instead of request2size.
Index: glibc-2.26/malloc/malloc.c
===================================================================
--- glibc-2.26.orig/malloc/malloc.c
+++ glibc-2.26/malloc/malloc.c
@@ -3052,7 +3052,8 @@ __libc_malloc (size_t bytes)
return (*hook)(bytes, RETURN_ADDRESS (0));
#if USE_TCACHE
/* int_free also calls request2size, be careful to not pad twice. */
- size_t tbytes = request2size (bytes);
+ size_t tbytes;
+ checked_request2size (bytes, tbytes);
size_t tc_idx = csize2tidx (tbytes);
MAYBE_INIT_TCACHE ();