summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2013-06-27 12:48:59 -0400
committerRich Felker <dalias@aerifal.cx>2013-06-27 12:48:59 -0400
commit3cd6f5229f079f892411e82fce3fe15c78eef4d8 (patch)
treefd513b5adab33019ed5251ffea1076eec6140afc
parentb17c75a4d539d7ec5b81cc7ce7ce6b065a87e7a6 (diff)
downloadmusl-3cd6f5229f079f892411e82fce3fe15c78eef4d8.tar.gz
musl-3cd6f5229f079f892411e82fce3fe15c78eef4d8.tar.bz2
musl-3cd6f5229f079f892411e82fce3fe15c78eef4d8.tar.xz
musl-3cd6f5229f079f892411e82fce3fe15c78eef4d8.zip
disallow creation of objects larger than PTRDIFF_MAX via mmap
internally, other parts of the library assume sizes don't overflow ssize_t and/or ptrdiff_t, and the way this assumption is made valid is by preventing creating of such large objects. malloc already does so, but the check was missing from mmap. this is also a quality of implementation issue: even if the implementation internally could handle such objects, applications could inadvertently invoke undefined behavior by subtracting pointers within an object. it is very difficult to guard against this in applications, so a good implementation should simply ensure that it does not happen.
-rw-r--r--src/mman/mmap.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/mman/mmap.c b/src/mman/mmap.c
index e99271f7..b56cff86 100644
--- a/src/mman/mmap.c
+++ b/src/mman/mmap.c
@@ -1,6 +1,7 @@
#include <unistd.h>
#include <sys/mman.h>
#include <errno.h>
+#include <stdint.h>
#include <limits.h>
#include "syscall.h"
#include "libc.h"
@@ -20,6 +21,10 @@ void *__mmap(void *start, size_t len, int prot, int flags, int fd, off_t off)
errno = EINVAL;
return MAP_FAILED;
}
+ if (len >= PTRDIFF_MAX) {
+ errno = ENOMEM;
+ return MAP_FAILED;
+ }
if (flags & MAP_FIXED) __vm_lock(-1);
#ifdef SYS_mmap2
ret = (void *)syscall(SYS_mmap2, start, len, prot, flags, fd, off>>12);