author | doug <> | 2014-10-22 05:19:27 +0000 |
---|---|---|
committer | doug <> | 2014-10-22 05:19:27 +0000 |
commit | 5a6d7fd5a10b0ad084948463b25822d91091b325 (patch) | |
tree | 47cdaee64f407c6e04010fbc7347f1b262d27be6 | |
parent | c95a384eee0578c645789ea3fd210c812b655803 (diff) | |
Avoid writing in second person in malloc.3
ok deraadt@
-rw-r--r-- | src/lib/libc/stdlib/malloc.3 | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/src/lib/libc/stdlib/malloc.3 b/src/lib/libc/stdlib/malloc.3 index 8305b14d35..caf1da2207 100644 --- a/src/lib/libc/stdlib/malloc.3 +++ b/src/lib/libc/stdlib/malloc.3 | |||
@@ -30,9 +30,9 @@ | |||
30 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 30 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
31 | .\" SUCH DAMAGE. | 31 | .\" SUCH DAMAGE. |
32 | .\" | 32 | .\" |
33 | .\" $OpenBSD: malloc.3,v 1.81 2014/10/20 19:35:23 schwarze Exp $ | 33 | .\" $OpenBSD: malloc.3,v 1.82 2014/10/22 05:19:27 doug Exp $ |
34 | .\" | 34 | .\" |
35 | .Dd $Mdocdate: October 20 2014 $ | 35 | .Dd $Mdocdate: October 22 2014 $ |
36 | .Dt MALLOC 3 | 36 | .Dt MALLOC 3 |
37 | .Os | 37 | .Os |
38 | .Sh NAME | 38 | .Sh NAME |
@@ -195,7 +195,7 @@ Consider | |||
195 | .Fn calloc | 195 | .Fn calloc |
196 | or the extension | 196 | or the extension |
197 | .Fn reallocarray | 197 | .Fn reallocarray |
198 | when you have multiplication in the | 198 | when there is multiplication in the |
199 | .Fa size | 199 | .Fa size |
200 | argument of | 200 | argument of |
201 | .Fn malloc | 201 | .Fn malloc |
@@ -648,26 +648,25 @@ When using | |||
648 | .Fn malloc , | 648 | .Fn malloc , |
649 | be wary of signed integer and | 649 | be wary of signed integer and |
650 | .Vt size_t | 650 | .Vt size_t |
651 | overflow especially when you | 651 | overflow especially when there is multiplication in the |
652 | have multiplication in the | ||
653 | .Fa size | 652 | .Fa size |
654 | argument. | 653 | argument. |
655 | .Pp | 654 | .Pp |
656 | Signed integer overflow will cause undefined behavior which compilers | 655 | Signed integer overflow will cause undefined behavior which compilers |
657 | typically handle by wrapping back around to negative numbers. | 656 | typically handle by wrapping back around to negative numbers. |
658 | Depending on the input, this can result in allocating more or less | 657 | Depending on the input, this can result in allocating more or less |
659 | memory than you intended. | 658 | memory than intended. |
660 | .Pp | 659 | .Pp |
661 | An unsigned overflow has defined behavior which will wrap back around and you | 660 | An unsigned overflow has defined behavior which will wrap back around and |
662 | will receive less memory than you intended. | 661 | return less memory than intended. |
663 | .Pp | 662 | .Pp |
664 | A signed or unsigned integer overflow is a | 663 | A signed or unsigned integer overflow is a |
665 | .Em security | 664 | .Em security |
666 | risk if you end up allocating less memory than you intended. | 665 | risk if less memory is returned than intended. |
667 | Your code may corrupt the heap by writing beyond the memory that you | 666 | Subsequent code may corrupt the heap by writing beyond the memory that was |
668 | were allocated. | 667 | allocated. |
669 | An attacker may be able to leverage this heap corruption to convince your | 668 | An attacker may be able to leverage this heap corruption to execute arbitrary |
670 | program to execute arbitrary code. | 669 | code. |
671 | .Pp | 670 | .Pp |
672 | Consider using | 671 | Consider using |
673 | .Fn calloc | 672 | .Fn calloc |
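Review bot: The rewritten sentence at new lines 660-661 leaves "return" without a sensible subject: "An unsigned overflow has defined behavior which will wrap back around and return less memory than intended" now reads as if the overflow (or its behavior) returns the memory, which the old "you will receive" wording avoided. Name the allocation instead, for example "which will wrap back around, and the allocation will be smaller than intended", so the warning still says plainly that the caller ends up with a short buffer. The same applies more mildly at new line 665, where "if less memory is returned than intended" would be clearer as "if less memory is allocated than intended", matching "the memory that was allocated" two lines later. Since new line 651 is being rewritten anyway, a comma before "especially" ("overflow, especially when there is multiplication") would fix the run-on there as well.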