http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54411

             Bug #: 54411
           Summary: libiberty: objalloc_alloc integer overflows
                    (CVE-2012-3509)
    Classification: Unclassified
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
        AssignedTo: f...@gcc.gnu.org
        ReportedBy: f...@gcc.gnu.org


Sang Kil Cha discovered that _objalloc_alloc does not guard the addition of
CHUNK_HEADER_SIZE to the length against overflow.  This can cause
_objalloc_alloc to return a pointer to a memory region which is smaller than
expected.

The pointer alignment arithmetic in the objalloc_alloc macro misses an overflow
check as well, with similar consequences.
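The two unchecked computations the report describes (the alignment round-up and the addition of the chunk header size), shown side by side with a guarded version, as an added C example that is not the libiberty code itself; the constants, function names and the "return 0 on overflow" convention are constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>

/* Constructed stand-in values; the real libiberty constants differ. */
#define CHUNK_HEADER_SIZE 16UL
#define ALIGN 8UL

/* Unchecked pattern from the report: both the alignment round-up and
   the header addition are plain unsigned arithmetic, so a huge request
   wraps around and the allocator asks malloc for far fewer bytes than
   the caller expects. Returns the size that would reach malloc. */
unsigned long unchecked_request_size(unsigned long len)
{
    len = (len + ALIGN - 1) & ~(ALIGN - 1);   /* may wrap toward 0 */
    return CHUNK_HEADER_SIZE + len;           /* may wrap again */
}

/* Guarded version: rounding up can only make len larger unless it
   wrapped, and adding the header can only make it larger unless that
   wrapped, so each step is checked against its input. Returns 0 on
   overflow (never a valid size here, since the minimum is the header). */
unsigned long checked_request_size(unsigned long original_len)
{
    unsigned long len = (original_len + ALIGN - 1) & ~(ALIGN - 1);
    if (len < original_len)                   /* alignment wrapped */
        return 0;
    if (len + CHUNK_HEADER_SIZE < len)        /* header addition wrapped */
        return 0;
    return len + CHUNK_HEADER_SIZE;
}

/* Allocate a chunk only when the size computation did not overflow. */
void *checked_alloc_chunk(unsigned long original_len)
{
    unsigned long total = checked_request_size(original_len);
    if (total == 0)
        return NULL;
    return malloc(total);
}
```

With a request of ULONG_MAX the unchecked path hands malloc only CHUNK_HEADER_SIZE bytes, while the guarded path refuses the request.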