dlmalloc: Fix integer overflow in sbrk()
Make sure that the new break is within mem_malloc_start
and mem_malloc_end before making progress.
ulong new = old + increment; can overflow for extremely large
increment values and memset() can get wrongly called.
Signed-off-by: Richard Weinberger <richard@nod.at>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-By: Daniel Leidert <dleidert@debian.org>
Origin: https://source.denx.de/u-boot/u-boot/-/commit/
0a10b49206a29b4aa2f80233a3e53ca0466bb0b3
Bug: https://www.openwall.com/lists/oss-security/2025/02/17/2
Bug-Debian: https://bugs.debian.org/
1098254
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2024-57258
Bug-Freexian-Security: https://deb.freexian.com/extended-lts/tracker/CVE-2024-57258
Gbp-Pq: Name CVE-2024-57258-1.patch
projects / u-boot.git / commit