Subject: [Boost-bugs] [Boost C++ Libraries] #6701: integer overflows in ordered_malloc()
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2012-03-18 02:08:33
#6701: integer overflows in ordered_malloc()
-----------------------------------------+----------------------------------
Reporter: Xi Wang <xi.wang@…> | Owner: cnewbold
Type: Patches | Status: new
Milestone: To Be Determined | Component: pool
Version: Boost Development Trunk | Severity: Problem
Keywords: |
-----------------------------------------+----------------------------------
Consider pool::ordered_malloc(size_type n).
const size_type total_req_size = n * requested_size;
Given a large n, total_req_size will wrap around to a small integer. The
allocated memory would be smaller than expected, leading to a potential
buffer overflow.
-- Ticket URL: <https://svn.boost.org/trac/boost/ticket/6701> Boost C++ Libraries <http://www.boost.org/> Boost provides free peer-reviewed portable C++ source libraries.
This archive was generated by hypermail 2.1.7 : 2017-02-16 18:50:09 UTC