lib: heap: Added checks for integer overflow check the integer overflow while allocating the memory from heap. CRs-Fixed: 692478 Change-Id: I73e8ffe74efc7aa580af43142bdf733bb2d8610a

commit: 6390f200d966dc13cf61bb5abbe3110447ca82b5 [log] [tgz]
author: vijay kumar <vpendo@codeaurora.org> Tue Jul 22 17:06:28 2014 +0530
committer: vijay kumar <vpendo@codeaurora.org> Mon Aug 04 11:36:28 2014 +0530
tree: 0bd4793ee51c79d1ed1f3d418ed3f4745f43749c
parent: c30f4c9fbd56bd2d87dec82b117b9c427b151529 [diff]
diff --git a/lib/heap/heap.c b/lib/heap/heap.c
index a3a35fb..3393081 100644
--- a/lib/heap/heap.c
+++ b/lib/heap/heap.c

@@ -1,6 +1,7 @@
 /*
  * Copyright (c) 2008-2009 Travis Geiselbrecht
  * Copyright (c) 2009 Corey Tabaka
+ * Copyright (c) 2009,2014 The Linux Foundation. All rights reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining
  * a copy of this software and associated documentation files
@@ -237,6 +238,11 @@
 	if (alignment & (alignment - 1))
 		return NULL;
 
+	if(size > (size + sizeof(struct alloc_struct_begin)))
+	{
+		dprintf(CRITICAL, "invalid input size\n");
+		return NULL;
+	}
 	// we always put a size field + base pointer + magic in front of the allocation
 	size += sizeof(struct alloc_struct_begin);
 #if DEBUG_HEAP
@@ -258,6 +264,11 @@
 			alignment = 16;
 
 		// add alignment for worst case fit
+		if(size > (size + alignment))
+		{
+			dprintf(CRITICAL, "invalid input alignment\n");
+			return NULL;
+		}
 		size += alignment;
 	}
commit	6390f200d966dc13cf61bb5abbe3110447ca82b5	[log] [tgz]
author	vijay kumar <vpendo@codeaurora.org>	Tue Jul 22 17:06:28 2014 +0530
committer	vijay kumar <vpendo@codeaurora.org>	Mon Aug 04 11:36:28 2014 +0530
tree	0bd4793ee51c79d1ed1f3d418ed3f4745f43749c
parent	c30f4c9fbd56bd2d87dec82b117b9c427b151529 [diff]