diff options
| author | Doug Hogan <doug@cvs.openbsd.org> | 2014-10-22 05:19:28 +0000 |
|---|---|---|
| committer | Doug Hogan <doug@cvs.openbsd.org> | 2014-10-22 05:19:28 +0000 |
| commit | e66612e69ec38d1f57481f95da5adb0b0adf25f2 (patch) | |
| tree | db17cac3dd923afe7e069fe82a8007c276f34156 /lib/libc | |
| parent | ab378b1b79ca0379437901bea913a69273660e98 (diff) | |
Avoid writing in second person in malloc.3
ok deraadt@
Diffstat (limited to 'lib/libc')
| -rw-r--r-- | lib/libc/stdlib/malloc.3 | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/lib/libc/stdlib/malloc.3 b/lib/libc/stdlib/malloc.3 index 8305b14d35f..caf1da22076 100644 --- a/lib/libc/stdlib/malloc.3 +++ b/lib/libc/stdlib/malloc.3 @@ -30,9 +30,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: malloc.3,v 1.81 2014/10/20 19:35:23 schwarze Exp $ +.\" $OpenBSD: malloc.3,v 1.82 2014/10/22 05:19:27 doug Exp $ .\" -.Dd $Mdocdate: October 20 2014 $ +.Dd $Mdocdate: October 22 2014 $ .Dt MALLOC 3 .Os .Sh NAME @@ -195,7 +195,7 @@ Consider .Fn calloc or the extension .Fn reallocarray -when you have multiplication in the +when there is multiplication in the .Fa size argument of .Fn malloc @@ -648,26 +648,25 @@ When using .Fn malloc , be wary of signed integer and .Vt size_t -overflow especially when you -have multiplication in the +overflow especially when there is multiplication in the .Fa size argument. .Pp Signed integer overflow will cause undefined behavior which compilers typically handle by wrapping back around to negative numbers. Depending on the input, this can result in allocating more or less -memory than you intended. +memory than intended. .Pp -An unsigned overflow has defined behavior which will wrap back around and you -will receive less memory than you intended. +An unsigned overflow has defined behavior which will wrap back around and +return less memory than intended. .Pp A signed or unsigned integer overflow is a .Em security -risk if you end up allocating less memory than you intended. -Your code may corrupt the heap by writing beyond the memory that you -were allocated. -An attacker may be able to leverage this heap corruption to convince your -program to execute arbitrary code. +risk if less memory is returned than intended. +Subsequent code may corrupt the heap by writing beyond the memory that was +allocated. +An attacker may be able to leverage this heap corruption to execute arbitrary +code. .Pp Consider using .Fn calloc |