Project

General

Profile

Bug #2130

malloc(SIZE_MAX) returns a buffer sized for 0.

Added by vsrinivas about 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%


Description

malloc(SIZE_MAX) returns a buffer sized for 0 bytes on i386; this is because the
addition and mask on nmalloc.c line 824 can overflow.

Also available in: Atom PDF