From: Alan Cox <alan@linux.intel.com>
Date: Tue, 28 Jun 2016 09:46:15 +0000 (+0100)
Subject: malloc: do the overflow maths in unsigned
X-Git-Url: https://git.ndcode.org/public/gitweb.cgi?a=commitdiff_plain;h=ee6ae720c9c415079f7696bacba3704504eba801;p=FUZIX.git

malloc: do the overflow maths in unsigned
---

diff --git a/Library/libs/malloc.c b/Library/libs/malloc.c
index abe00a49..2e567fba 100644
--- a/Library/libs/malloc.c
+++ b/Library/libs/malloc.c
@@ -33,7 +33,7 @@ static struct memh *brkmore(size_t nb)
 	if (p == (struct memh *) -1)
 		return NULL;
 	/* Overflow catch */
-	if (p + nb < p)
+	if ((uintptr_t)p + sizeof(struct memh) * nb < (uintptr_t)p)
 		return NULL;
 	/* Move our break point. Using brk this way avoids the sign problems */
 	if (brk(p + nb))