
Add check preventing rounding to alignment from wrapping around in sc…
…ratch_alloc
jonasnick committed Jul 30, 2019
1 parent 4edaf06 commit 8ecc6ce
Showing 2 changed files with 12 additions and 1 deletion.
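--- a/src/scratch_impl.h
+++ b/src/scratch_impl.h
@@ -72,7 +72,14 @@ static size_t secp256k1_scratch_max_allocation(const secp256k1_callback* error_c
 
 static void *secp256k1_scratch_alloc(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t size) {
 void *ret;
-size = ROUND_TO_ALIGN(size);
+size_t rounded_size;
+
+rounded_size = ROUND_TO_ALIGN(size);
+/* Check that rounding did not wrap around */
+if (rounded_size < size) {
+return NULL;
+}
+size = rounded_size;
 
 if (memcmp(scratch->magic, "scratch", 8) != 0) {
 secp256k1_callback_call(error_callback, "invalid scratch space");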
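Review bot: The new early `return NULL;` sits ahead of the `memcmp(scratch->magic, "scratch", 8)` check, so a call that combines an invalid scratch space with a wrapping `size` now returns NULL silently and never reaches `secp256k1_callback_call(error_callback, "invalid scratch space")`. If the magic check is meant to flag misuse on every call, keep `rounded_size = ROUND_TO_ALIGN(size);` where it is and move `if (rounded_size < size) { return NULL; }` to just after the magic block. The comment could also say why the wrap matters, e.g. `/* Check that rounding did not wrap around; a wrapped size is small and could yield a buffer shorter than requested */`. The end of the magic block and the rest of the function are outside the hunk.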
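--- a/src/tests.c
+++ b/src/tests.c
@@ -406,6 +406,10 @@ void run_scratch_tests(void) {
 * ALIGNMENT is greater than 1 because otherwise the objects take no extra
 * space. */
 CHECK(ALIGNMENT <= 1 || !secp256k1_scratch_max_allocation(&none->error_callback, scratch, (SIZE_MAX / (ALIGNMENT - 1)) + 1));
+/* Try allocating SIZE_MAX to test wrap around which only happens if
+* ALIGNMENT > 1, otherwise it returns NULL anyway because the scratch
+* space is too small. */
+CHECK(secp256k1_scratch_alloc(&none->error_callback, scratch, SIZE_MAX) == NULL);
 secp256k1_scratch_space_destroy(none, scratch);
 
 /* cleanup */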
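Review bot: The added `CHECK` exercises only `SIZE_MAX`, so the boundary of the wrap check is not pinned: nothing here tests the smallest size whose rounding wraps. Assuming `ROUND_TO_ALIGN` adds `ALIGNMENT - 1` before rounding down (its definition is not shown on this page), a boundary case guarded like the `secp256k1_scratch_max_allocation` check above would be `CHECK(ALIGNMENT <= 1 || secp256k1_scratch_alloc(&none->error_callback, scratch, SIZE_MAX - ALIGNMENT + 2) == NULL);`. `run_scratch_tests` begins and ends outside the hunk.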
