stjr/SRB2
0
0
Fork 0
mirror of https://git.do.srb2.org/STJr/SRB2.git synced 2025-01-29 20:50:58 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add overflow checks so we I_Error instead of death crash into oblivion

Browse source 
You'd love to know how we even reached (size_t)-1.
This commit is contained in:
James R 2019-10-28 00:04:30 -07:00
parent c221a89c67
commit 33816e49ca
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/z_zone.c
View file

@ -247,7 +247,11 @@ void Z_Free(void *ptr)
static void *xm(size_t size) static void *xm(size_t size)
{ {
const size_t padedsize = size+sizeof (size_t); const size_t padedsize = size+sizeof (size_t);
void *p = malloc(padedsize); void *p;
if (padedsize < size)/* overflow check */
I_Error("You are allocating memory too large!");
p = malloc(padedsize);
if (p == NULL) if (p == NULL)
{ {
@ -295,6 +299,9 @@ void *Z_MallocAlign(size_t size, INT32 tag, void *user, INT32 alignbits)
CONS_Debug(DBG_MEMORY, "Z_Malloc %s:%d\n", file, line); CONS_Debug(DBG_MEMORY, "Z_Malloc %s:%d\n", file, line);
#endif #endif
if (blocksize < size)/* overflow check */
I_Error("You are allocating memory too large!");
block = xm(sizeof *block); block = xm(sizeof *block);
#ifdef HAVE_VALGRIND #ifdef HAVE_VALGRIND
padsize += (1<<sizeof(size_t))*2; padsize += (1<<sizeof(size_t))*2;