From ca126d490b0ff6960e135f3c77b2b2d4892a5744 Mon Sep 17 00:00:00 2001 From: practicalswift Date: Sun, 6 Jan 2019 16:38:32 +0100 Subject: Fix out-of-bounds write in case of failing mmap(...) in PosixLockedPageAllocator::AllocateLocked --- src/support/allocators/secure.h | 6 +++++- src/support/lockedpool.cpp | 3 +++ src/support/lockedpool.h | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) (limited to 'src/support') diff --git a/src/support/allocators/secure.h b/src/support/allocators/secure.h index 7cd0df135d..57f5b1f733 100644 --- a/src/support/allocators/secure.h +++ b/src/support/allocators/secure.h @@ -40,7 +40,11 @@ struct secure_allocator : public std::allocator { T* allocate(std::size_t n, const void* hint = 0) { - return static_cast(LockedPoolManager::Instance().alloc(sizeof(T) * n)); + T* allocation = static_cast(LockedPoolManager::Instance().alloc(sizeof(T) * n)); + if (!allocation) { + throw std::bad_alloc(); + } + return allocation; } void deallocate(T* p, std::size_t n) diff --git a/src/support/lockedpool.cpp b/src/support/lockedpool.cpp index 8d577cf521..627018083e 100644 --- a/src/support/lockedpool.cpp +++ b/src/support/lockedpool.cpp @@ -248,6 +248,9 @@ void *PosixLockedPageAllocator::AllocateLocked(size_t len, bool *lockingSuccess) void *addr; len = align_up(len, page_size); addr = mmap(nullptr, len, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + if (addr == MAP_FAILED) { + return nullptr; + } if (addr) { *lockingSuccess = mlock(addr, len) == 0; } diff --git a/src/support/lockedpool.h b/src/support/lockedpool.h index 48ffd7b307..b420c909fc 100644 --- a/src/support/lockedpool.h +++ b/src/support/lockedpool.h @@ -22,7 +22,7 @@ public: virtual ~LockedPageAllocator() {} /** Allocate and lock memory pages. * If len is not a multiple of the system page size, it is rounded up. - * Returns 0 in case of allocation failure. + * Returns nullptr in case of allocation failure. * * If locking the memory pages could not be accomplished it will still * return the memory, however the lockingSuccess flag will be false. -- cgit v1.2.3