extend the PTRDIFF_MAX size check to mremap
This removes another way to obtain objects larger than PTRDIFF_MAX. The
only known remaining hole is now jemalloc's merging of virtual memory
spans.
Technically this could be wrapped in an `#ifndef __LP64__` guard, since the
condition can't occur on 64-bit due to the 1:1 split. It doesn't really
matter either way.
Change-Id: Iab2af242b775bc98a59421994d87aca0433215bd
diff --git a/libc/bionic/mremap.cpp b/libc/bionic/mremap.cpp
index 4892b1d..6653d43 100644
--- a/libc/bionic/mremap.cpp
+++ b/libc/bionic/mremap.cpp
@@ -26,12 +26,24 @@
* SUCH DAMAGE.
*/
+#include <errno.h>
#include <sys/mman.h>
#include <stdarg.h>
+#include <stdint.h>
+#include <unistd.h>
+
+#include "private/bionic_macros.h"
extern "C" void* ___mremap(void*, size_t, size_t, int, void*);
void* mremap(void* old_address, size_t old_size, size_t new_size, int flags, ...) {
+ // prevent allocations large enough for `end - start` to overflow
+ size_t rounded = BIONIC_ALIGN(new_size, PAGE_SIZE);
+ if (rounded < new_size || rounded > PTRDIFF_MAX) {
+ errno = ENOMEM;
+ return MAP_FAILED;
+ }
+
void* new_address = nullptr;
// The optional argument is only valid if the MREMAP_FIXED flag is set,
// so we assume it's not present otherwise.
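Review bot: The comment above the new guard in mremap() explains only the PTRDIFF_MAX half of the condition. The `rounded < new_size` test covers the case where rounding new_size up to a page wraps size_t, and that is the half a later cleanup is most likely to drop as redundant. I would word the comment as `// Reject sizes whose page-rounded length wraps size_t or exceeds PTRDIFF_MAX, so end - start within one mapping cannot overflow ptrdiff_t.` No test for the new ENOMEM path is visible on this page; if none exists elsewhere, a case passing a new_size just above PTRDIFF_MAX and expecting MAP_FAILED with errno == ENOMEM would pin the behaviour. The body of mremap() continues past the end of the hunk.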