Project

General

Profile

Actions

Bug #2130

closed

malloc(SIZE_MAX) returns a buffer sized for 0.

Added by vsrinivas over 12 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Userland
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

malloc(SIZE_MAX) returns a buffer sized for 0 bytes on i386; this is because the
addition and mask on nmalloc.c line 824 can overflow.

Actions

Also available in: Atom PDF