lib: heap: Added checks for integer overflow
Check for integer overflow when allocating memory from the heap.
CRs-Fixed: 692478
Change-Id: I73e8ffe74efc7aa580af43142bdf733bb2d8610a
diff --git a/lib/heap/heap.c b/lib/heap/heap.c
index a3a35fb..3393081 100644
--- a/lib/heap/heap.c
+++ b/lib/heap/heap.c
@@ -1,6 +1,7 @@
/*
* Copyright (c) 2008-2009 Travis Geiselbrecht
* Copyright (c) 2009 Corey Tabaka
+ * Copyright (c) 2009,2014 The Linux Foundation. All rights reserved.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files
@@ -237,6 +238,11 @@
if (alignment & (alignment - 1))
return NULL;
+ if(size > (size + sizeof(struct alloc_struct_begin)))
+ {
+ dprintf(CRITICAL, "invalid input size\n");
+ return NULL;
+ }
// we always put a size field + base pointer + magic in front of the allocation
size += sizeof(struct alloc_struct_begin);
#if DEBUG_HEAP
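Review bot: The guard `if(size > (size + sizeof(struct alloc_struct_begin)))` detects the wrap only after it has happened, which is well-defined only if `size` is an unsigned type; its declaration is outside this hunk. Assuming it is a `size_t`, comparing against the limit before adding states the intent directly: `if (size > SIZE_MAX - sizeof(struct alloc_struct_begin))`. The same applies to the `size + alignment` check in the next hunk, and both would read more consistently as `if (` with the brace style of the neighbouring `if (alignment & (alignment - 1))`. The `#if DEBUG_HEAP` block that begins on the last line of this hunk continues outside it; if that block or any later rounding step grows `size` again, that addition needs the same guard, otherwise the overflow is only moved further down. The enclosing function starts and ends outside the hunk.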
@@ -258,6 +264,11 @@
alignment = 16;
// add alignment for worst case fit
+ if(size > (size + alignment))
+ {
+ dprintf(CRITICAL, "invalid input alignment\n");
+ return NULL;
+ }
size += alignment;
}
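Review bot: The message `"invalid input alignment\n"` blames the alignment, but the wrap tested on the line above depends on `size` just as much, and by this point `size` has presumably already been increased by the header size in the earlier hunk. A CRITICAL log entry worded this way will point triage at the wrong argument when the caller passed an oversized length. A neutral message such as `dprintf(CRITICAL, "size + alignment overflows\n");` would be accurate; printing both values would be better still, with format specifiers chosen to match their declared types, which are not visible here. The enclosing block starts before the hunk.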