Fixed security failure /w alignment in MemPool::Allocate().

author yellows8 <yellows8@users.noreply.github.com>

Tue, 17 Mar 2015 00:59:59 +0000 (20:59 -0400)

committer yellows8 <yellows8@users.noreply.github.com>

Tue, 17 Mar 2015 00:59:59 +0000 (20:59 -0400)
author yellows8 <yellows8@users.noreply.github.com>
Tue, 17 Mar 2015 00:59:59 +0000 (20:59 -0400)
committer yellows8 <yellows8@users.noreply.github.com>
Tue, 17 Mar 2015 00:59:59 +0000 (20:59 -0400)
diff --git a/libctru/source/allocator/mem_pool.cpp b/libctru/source/allocator/mem_pool.cpp

index a2c312dea74f45a7d65eb86daed56ccf22d7cdf0..13063ef07347e0305d9cf8f3a970762716b80c94 100644 (file)
--- a/libctru/source/allocator/mem_pool.cpp
+++ b/libctru/source/allocator/mem_pool.cpp
@@ -33,7 +33,11 @@ void MemPool::CoalesceRight(MemBlock* b)
  bool MemPool::Allocate(MemChunk& chunk, u32 size, int align)
  {
         int alignM = (1 << align) - 1;
-       size = (size + alignM) &~ alignM; // Round the size
+       u32 newsize;
+       newsize = (size + alignM) &~ alignM; // Round the size
+       if(newsize < size)return false;//Return error when integer-overflow occurs due to aligning the size.
+       size = newsize;
+
         // Find the first suitable block
         for (auto b = first; b; b = b->next)
         {
author	yellows8 <yellows8@users.noreply.github.com>
	Tue, 17 Mar 2015 00:59:59 +0000 (20:59 -0400)
committer	yellows8 <yellows8@users.noreply.github.com>
	Tue, 17 Mar 2015 00:59:59 +0000 (20:59 -0400)