From: yellows8 <yellows8@users.noreply.github.com>
Date: Tue, 17 Mar 2015 00:59:59 +0000 (-0400)
Subject: Fixed security failure /w alignment in MemPool::Allocate().
X-Git-Tag: v0.5.0~3
X-Git-Url: https://chaos.moe/g/?a=commitdiff_plain;h=5b5bdb1bd1b6cce5f0a57fc3d6531fc26d31cde7;p=corbenik%2Fctrulib.git

Fixed security failure /w alignment in MemPool::Allocate().
---

diff --git a/libctru/source/allocator/mem_pool.cpp b/libctru/source/allocator/mem_pool.cpp
index a2c312d..13063ef 100644
--- a/libctru/source/allocator/mem_pool.cpp
+++ b/libctru/source/allocator/mem_pool.cpp
@@ -33,7 +33,11 @@ void MemPool::CoalesceRight(MemBlock* b)
 bool MemPool::Allocate(MemChunk& chunk, u32 size, int align)
 {
 	int alignM = (1 << align) - 1;
-	size = (size + alignM) &~ alignM; // Round the size
+	u32 newsize;
+	newsize = (size + alignM) &~ alignM; // Round the size
+	if(newsize < size)return false;//Return error when integer-overflow occurs due to aligning the size.
+	size = newsize;
+
 	// Find the first suitable block
 	for (auto b = first; b; b = b->next)
 	{