Bug #2130

malloc(SIZE_MAX) returns a buffer sized for 0.

Added by vsrinivas over 3 years ago.

Status: New
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: -

Description

malloc(SIZE_MAX) returns a buffer sized for 0 bytes on i386; this is because the
addition and mask on nmalloc.c line 824 can overflow.
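
The wraparound the report describes, as an added example that is not code from nmalloc.c or from the reporter: it assumes the common round-up idiom (size + mask) & ~mask and shows it beside a checked form. ALIGN_MASK and both function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical alignment mask for illustration; not the constant in nmalloc.c. */
#define ALIGN_MASK ((size_t)7)

/* Unchecked round-up. size_t arithmetic is modular, so for any
 * size > SIZE_MAX - ALIGN_MASK the addition wraps past zero and the
 * masked result is 0: the caller then allocates a zero-byte chunk. */
static size_t round_up_unchecked(size_t size)
{
    return (size + ALIGN_MASK) & ~ALIGN_MASK;
}

/* Checked round-up. Rejects sizes whose rounded value cannot be
 * represented, leaving *out untouched. Returns 0 on success, -1 on
 * overflow (an allocator would return NULL and set ENOMEM here). */
static int round_up_checked(size_t size, size_t *out)
{
    if (size > SIZE_MAX - ALIGN_MASK)
        return -1;
    *out = (size + ALIGN_MASK) & ~ALIGN_MASK;
    return 0;
}

int main(void)
{
    /* Constructed inputs: ordinary sizes plus the boundary around the wrap. */
    size_t sizes[] = { 1, 8, 9, SIZE_MAX - 7, SIZE_MAX - 6, SIZE_MAX };
    size_t i, rounded;

    for (i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        printf("request %zu: unchecked -> %zu, ", sizes[i],
               round_up_unchecked(sizes[i]));
        if (round_up_checked(sizes[i], &rounded) == 0)
            printf("checked -> %zu\n", rounded);
        else
            printf("checked -> rejected (would overflow)\n");
    }
    return 0;
}
```

The check has to happen before the addition; testing the rounded value afterwards cannot distinguish a wrapped result from a legitimate small request.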
