From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/8798
Path: news.gmane.org!not-for-mail
From: Daniel Micay <danielmicay@gmail.com>
Newsgroups: gmane.linux.lib.musl.general
Subject: [PATCH] prevent allocs than PTRDIFF_MAX via mremap
Date: Sat, 31 Oct 2015 05:14:45 -0400
Message-ID: <1446282885-5290-1-git-send-email-danielmicay@gmail.com>
Reply-To: musl@lists.openwall.com
NNTP-Posting-Host: plane.gmane.org
X-Trace: ger.gmane.org 1446285871 20743 80.91.229.3 (31 Oct 2015 10:04:31 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Sat, 31 Oct 2015 10:04:31 +0000 (UTC)
Cc: Daniel Micay <danielmicay@gmail.com>
To: musl@lists.openwall.com
Original-X-From: musl-return-8811-gllmg-musl=m.gmane.org@lists.openwall.com Sat Oct 31 11:04:31 2015
Return-path: <musl-return-8811-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by plane.gmane.org with smtp (Exim 4.69)
	(envelope-from <musl-return-8811-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1ZsT1S-0005xH-LO
	for gllmg-musl@m.gmane.org; Sat, 31 Oct 2015 11:04:30 +0100
Original-Received: (qmail 5757 invoked by uid 550); 31 Oct 2015 10:04:27 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
Original-Received: (qmail 6121 invoked from network); 31 Oct 2015 09:15:07 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=from:to:cc:subject:date:message-id;
        bh=20GB1ttkJKTa/duP4duYSWWjmD9GtdbdW6BcSDUE3j0=;
        b=W0yPtvkqjCjN8xtr8gLu/Iz1+i90oHCBbRQE01fypsYv7wtkf66XHfycvF2WPO0bAN
         3Df2yUOPUeyyXVfJWAVJ+UbT8pWH2HqVlmtfvsH1FrIqgzerraXjAQvHDgM9Mre67FD0
         fmGCUfOw1mlxxjwpqVyX3thTbutNd70O3tfvJg2+PWjtpXo+p+GFCXelGOtrhXcKGjnw
         OozLmLiQ5Px2jDzvWfpOx+Vb9Mlgh1mA7TQQb/09ubTomLnRiB5/+Zwh0yzwKMHtoGwm
         UpxO9z/+6G84U110xw5/RoC+ozQroKwrKS1cu+erZjz9C7OdbS/1Ah3bRTDZFxhiC7ED
         bejw==
X-Received: by 10.50.79.135 with SMTP id j7mr2111781igx.73.1446282895904;
        Sat, 31 Oct 2015 02:14:55 -0700 (PDT)
X-Mailer: git-send-email 2.6.2
Xref: news.gmane.org gmane.linux.lib.musl.general:8798
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/8798>

It's quite feasible for this to happen via MREMAP_MAYMOVE.
---
 src/mman/mremap.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/mman/mremap.c b/src/mman/mremap.c
index 596c45f..1096ace 100644
--- a/src/mman/mremap.c
+++ b/src/mman/mremap.c
@@ -1,5 +1,7 @@
 #include <unistd.h>
 #include <sys/mman.h>
+#include <errno.h>
+#include <stdint.h>
 #include <stdarg.h>
 #include "syscall.h"
 #include "libc.h"
@@ -8,7 +10,12 @@ void *__mremap(void *old_addr, size_t old_len, size_t new_len, int flags, ...)
 {
 	va_list ap;
 	void *new_addr;
-	
+
+	if (new_len >= PTRDIFF_MAX) {
+		errno = ENOMEM;
+		return MAP_FAILED;
+	}
+
 	va_start(ap, flags);
 	new_addr = va_arg(ap, void *);
 	va_end(ap);
-- 
2.6.2