Date: Wed, 29 Aug 2012 20:11:50 +0200
From: Florian Weimer <>
Subject: CVE-2012-3509: objalloc_alloc integer overflows in libiberty

Sang Kil Cha discovered that _objalloc_alloc does not guard the
addition of CHUNK_HEADER_SIZE to the length against overflow.  This
can cause _objalloc_alloc to return a pointer to a memory region which
is smaller than expected.

The pointer alignment arithmetic in the objalloc_alloc macro misses an
overflow check as well, with similar consequences.

GCC bug:

Patch under review:

(I believe GCC has the master copy of this file, but does not use it
itself.  libiberty is part of binutils and GDB, too.)
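The two unchecked steps described in the message above (rounding the length up to the alignment, then adding the chunk header size) can be modelled as follows. This is an added example, not libiberty's code and not the patch under review; `HDR_SIZE`, `ALIGN` and all function names are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define HDR_SIZE ((size_t)16) /* assumed stand-in for CHUNK_HEADER_SIZE */
#define ALIGN    ((size_t)8)  /* assumed alignment, a power of two */

/* Unguarded pattern: both the round-up and the header addition can wrap,
   so the computed size may be far smaller than the requested length. */
size_t unchecked_total(size_t len)
{
    size_t aligned = (len + ALIGN - 1) & ~(ALIGN - 1);
    return aligned + HDR_SIZE;
}

/* Guarded pattern: test each addition against SIZE_MAX before doing it.
   Returns 0 and stores the size on success, -1 if it would overflow. */
int checked_total(size_t len, size_t *out)
{
    if (len > SIZE_MAX - (ALIGN - 1))
        return -1;                       /* round-up would wrap */
    size_t aligned = (len + ALIGN - 1) & ~(ALIGN - 1);
    if (aligned > SIZE_MAX - HDR_SIZE)
        return -1;                       /* header addition would wrap */
    *out = aligned + HDR_SIZE;
    return 0;
}

/* Allocator front end that fails closed instead of under-allocating. */
void *guarded_alloc(size_t len)
{
    size_t total;
    if (checked_total(len, &total) != 0)
        return NULL;
    unsigned char *chunk = malloc(total);
    return chunk ? chunk + HDR_SIZE : NULL;
}

void guarded_free(void *p)
{
    if (p)
        free((unsigned char *)p - HDR_SIZE);
}

int main(void)
{
    printf("unchecked(SIZE_MAX-4)  = %zu\n", unchecked_total(SIZE_MAX - 4));
    printf("unchecked(SIZE_MAX-20) = %zu\n", unchecked_total(SIZE_MAX - 20));
    printf("guarded_alloc(SIZE_MAX-4) = %p\n", guarded_alloc(SIZE_MAX - 4));
    return 0;
}
```

The first constructed input wraps in the alignment step and the second in the header addition, which is why the guarded version needs both comparisons.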
