status-im/secp256k1
2
0
Fork 0
mirror of https://github.com/status-im/secp256k1.git synced 2025-02-24 11:48:18 +00:00
Code Issues Projects Releases Wiki Activity

Add check preventing rounding to alignment from wrapping around in scratch_alloc

Browse Source
This commit is contained in:
Jonas Nick 2019-07-12 10:00:39 +00:00
parent 4edaf06fb0
commit 8ecc6ce50e
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/scratch_impl.h
View File

@ -72,7 +72,14 @@ static size_t secp256k1_scratch_max_allocation(const secp256k1_callback* error_c
static void *secp256k1_scratch_alloc(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t size) {
void *ret;
size = ROUND_TO_ALIGN(size);
size_t rounded_size;
rounded_size = ROUND_TO_ALIGN(size);
/* Check that rounding did not wrap around */
if (rounded_size < size) {
return NULL;
}
size = rounded_size;
if (memcmp(scratch->magic, "scratch", 8) != 0) {
secp256k1_callback_call(error_callback, "invalid scratch space");

4
src/tests.c
View File

@ -406,6 +406,10 @@ void run_scratch_tests(void) {
* ALIGNMENT is greater than 1 because otherwise the objects take no extra
* space. */
CHECK(ALIGNMENT <= 1 || !secp256k1_scratch_max_allocation(&none->error_callback, scratch, (SIZE_MAX / (ALIGNMENT - 1)) + 1));
/* Try allocating SIZE_MAX to test wrap around which only happens if
* ALIGNMENT > 1, otherwise it returns NULL anyway because the scratch
* space is too small. */
CHECK(secp256k1_scratch_alloc(&none->error_callback, scratch, SIZE_MAX) == NULL);
secp256k1_scratch_space_destroy(none, scratch);
/* cleanup */