|
From: | Chet Ramey |
Subject: | Re: [PATCH] malloc: fix out-of-bounds read |
Date: | Tue, 23 Jul 2024 09:11:40 -0400 |
User-agent: | Mozilla Thunderbird |
On 7/23/24 2:08 AM, Collin Funk wrote:
Hi Chet, Chet Ramey <chet.ramey@case.edu> writes:/* Use this when we want to be sure that NB is in bucket NU. */ #define RIGHT_BUCKET(nb, nu) \ (((nb) > binsizes[(nu)-1]) && ((nb) <= binsizes[(nu)]))The right fix here is two-fold: fix the first test here to evaluate to 0 if nu == 0, and change the call in internal_realloc similarly to how your patch changes it for the nunits - 1 case.Ah, okay I see what you mean. Thanks. Did you want a revised patch or do you have it under control?
I got it, thanks. Chet -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRU chet@case.edu http://tiswww.cwru.edu/~chet/
[Prev in Thread] | Current Thread | [Next in Thread] |