2 files changed +12 -1 lines changed
@@ -72,7 +72,14 @@ static size_t secp256k1_scratch_max_allocation(const secp256k1_callback* error_c
72
72
73
73
static void * secp256k1_scratch_alloc (const secp256k1_callback * error_callback , secp256k1_scratch * scratch , size_t size ) {
74
74
void * ret ;
75
- size = ROUND_TO_ALIGN (size );
75
+ size_t rounded_size ;
76
+
77
+ rounded_size = ROUND_TO_ALIGN (size );
78
+ /* Check that rounding did not wrap around */
79
+ if (rounded_size < size ) {
80
+ return NULL ;
81
+ }
82
+ size = rounded_size ;
76
83
77
84
if (memcmp (scratch -> magic , "scratch" , 8 ) != 0 ) {
78
85
secp256k1_callback_call (error_callback , "invalid scratch space" );
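Review bot: The new wrap-around return sits above the `scratch->magic` check, so a call with an invalid scratch and a wrapping `size` now returns NULL without reaching `secp256k1_callback_call(error_callback, "invalid scratch space")`. Moving the `rounded_size < size` test below the magic check would keep the invalid-scratch report unconditional. The check also relies on `ROUND_TO_ALIGN` being evaluated in `size_t` so that an overflow wraps; the macro is defined outside this hunk, so that is worth confirming. The new failure mode should be documented at the function, e.g. `/* Returns NULL if size rounded up to ALIGNMENT overflows size_t. */`. The body of secp256k1_scratch_alloc continues past the end of the hunk.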
@@ -406,6 +406,10 @@ void run_scratch_tests(void) {
406
406
* ALIGNMENT is greater than 1 because otherwise the objects take no extra
407
407
* space. */
408
408
CHECK (ALIGNMENT <= 1 || !secp256k1_scratch_max_allocation (& none -> error_callback , scratch , (SIZE_MAX / (ALIGNMENT - 1 )) + 1 ));
409
+ /* Try allocating SIZE_MAX to test wrap around which only happens if
410
+ * ALIGNMENT > 1, otherwise it returns NULL anyway because the scratch
411
+ * space is too small. */
412
+ CHECK (secp256k1_scratch_alloc (& none -> error_callback , scratch , SIZE_MAX ) == NULL );
409
413
secp256k1_scratch_space_destroy (none , scratch );
410
414
411
415
/* cleanup */
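Review bot: The added `CHECK` pins only the NULL return for `SIZE_MAX`; it does not show that the rejected request left the scratch space untouched. Recording `secp256k1_scratch_max_allocation(&none->error_callback, scratch, 0)` before the call and comparing it afterwards would catch a regression where the wrapped size is accounted for before the allocation is refused. As the new comment says, when ALIGNMENT is 1 the call fails on the size limit instead, so the wrap path is only covered on builds where ALIGNMENT > 1. run_scratch_tests starts and ends outside the hunk.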