Fix malloc and realloc overflow

If user requests a size >= 65532, adding the heap admin size overflows size. Fixes #2358.
2024-01-15 20:30:20 +01:00
parent 57e65a6bf6
commit 3e01ac9b04
4 changed files with 121 additions and 4 deletions
--- a/libsrc/common/realloc.c
+++ b/libsrc/common/realloc.c
@@ -59,6 +59,11 @@ void* __fastcall__ realloc (void* block, register size_t size)
        return 0;
    }

+    /* Don't overflow! */
+    if (size > 0xFFFF - HEAP_ADMIN_SPACE) {
+      return 0;
+    }
+
    /* Make the internal used size from the given size */
    size += HEAP_ADMIN_SPACE;
    if (size < sizeof (struct freeblock)) {
@@ -107,6 +112,3 @@ void* __fastcall__ realloc (void* block, register size_t size)
    }
    return newblock;
 }
-
-
-