Skip to content

Commit b2fbe6e

Browse files
override memcpy and perform size checks
Signed-off-by: Tavi <tavi@divested.dev>
1 parent 4fe9018 commit b2fbe6e

File tree

2 files changed

+23
-0
lines changed

2 files changed

+23
-0
lines changed

h_malloc.c

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1874,6 +1874,27 @@ EXPORT size_t h_malloc_object_size_fast(const void *p) {
18741874
return SIZE_MAX;
18751875
}
18761876

1877+
EXPORT void *h_memcpy(void *dst, const void *src, size_t len) {
1878+
if (len > malloc_object_size(src)) {
1879+
fatal_error("memcpy read overflow");
1880+
}
1881+
if (len > malloc_object_size(dst)) {
1882+
fatal_error("memcpy buffer overflow");
1883+
}
1884+
1885+
if (dst == src) {
1886+
return dst;
1887+
}
1888+
1889+
char *d = (char *)dst;
1890+
const char *s = (const char *)src;
1891+
for (size_t i = 0; i < len; ++i) {
1892+
d[i] = s[i];
1893+
}
1894+
1895+
return dst;
1896+
}
1897+
18771898
EXPORT int h_mallopt(UNUSED int param, UNUSED int value) {
18781899
#ifdef __ANDROID__
18791900
if (param == M_PURGE) {

include/h_malloc.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ extern "C" {
1515
#define h_realloc realloc
1616
#define h_aligned_alloc aligned_alloc
1717
#define h_free free
18+
#define h_memcpy memcpy
1819

1920
#define h_posix_memalign posix_memalign
2021

@@ -54,6 +55,7 @@ __attribute__((alloc_size(2))) void *h_realloc(void *ptr, size_t size);
5455
__attribute__((malloc)) __attribute__((alloc_size(2))) __attribute__((alloc_align(1)))
5556
void *h_aligned_alloc(size_t alignment, size_t size);
5657
void h_free(void *ptr);
58+
void *h_memcpy(void *dstpp, const void *srcpp, size_t len);
5759

5860
// POSIX
5961
int h_posix_memalign(void **memptr, size_t alignment, size_t size);

0 commit comments

Comments
 (0)