)]}' { "commit": "a31ae8c508fc8d1bca4f57e9f9f88127572d5202", "tree": "d46f55953d29fbd0c691396432e5a98891bc48ac", "parents": [ "7f6626d12daa2f1efd9953d1f4ba2065348dc5cd" ], "author": { "name": "Ben Hutchings", "email": "ben@decadent.org.uk", "time": "Wed Apr 28 04:03:49 2021 +0200" }, "committer": { "name": "Ben Hutchings", "email": "ben@decadent.org.uk", "time": "Thu Apr 29 16:01:54 2021 +0200" }, "message": "[klibc] malloc: Fail if requested size \u003e PTRDIFF_MAX\n\nmalloc() adds some overhead to the requested size, which may result in\nan integer overflow and subsequent buffer overflow if it is close to\nSIZE_MAX. It should fail if size is large enough for this to happen.\n\nFurther, it\u0027s not legal for a C object to be larger than\nPTRDIFF_MAX (half of SIZE_MAX) as pointer arithmetic within it could\noverflow. So return failure immediately if size is greater than that.\n\nCVE-2021-31873\n\nSigned-off-by: Ben Hutchings \u003cben@decadent.org.uk\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "bb57c9f6ffd34ab8f8408887cde939f5bac5e3c2", "old_mode": 33188, "old_path": "usr/klibc/malloc.c", "new_id": "abda84c27105ed0e28bec8c98c47f15705144148", "new_mode": 33188, "new_path": "usr/klibc/malloc.c" } ] }