[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug-patch] [PATCH] Use xmalloc in bestmatch

From: Tobias Stoeckmann
Subject: [bug-patch] [PATCH] Use xmalloc in bestmatch
Date: Mon, 16 Feb 2015 23:05:13 +0100


the return value of malloc in bestmatch is not checked for NULL. This can
be triggered with very large files (or limited amount of RAM) during
merge operations.

In case of NULL, the program won't necessarily end with a segmentation
fault, because V is not referenced directly. "fd" is used instead, which
points into V. With a properly tailored diff, it's possible to set a few
bytes in lower memory areas (3 bytes in my test).

Fix is simple: Use xmalloc to call fatal if we run out of memory.


PS: This malloc looks rather prone to an integer overflow, but I haven't
    been able to trigger it. It's probably safe because there are many
    allocations done before which triggered oom for me before reaching
    this code.
 src/bestmatch.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/bestmatch.h b/src/bestmatch.h
index 1b12923..b0d5cfb 100644
--- a/src/bestmatch.h
+++ b/src/bestmatch.h
@@ -64,7 +64,7 @@ bestmatch(OFFSET xoff, OFFSET xlim, OFFSET yoff, OFFSET ylim,
     OFFSET fmid_plus_2_min, ymax = -1;
     OFFSET c;
-    V = malloc ((2 * max + 3) * sizeof (OFFSET));
+    V = xmalloc ((2 * max + 3) * sizeof (OFFSET));
     fd = V + max + 1 - fmid;

reply via email to

[Prev in Thread] Current Thread [Next in Thread]