osi: Prevent memory allocations with MSB set

Limit allocations on 32bit to 2 GB Limit allocations on 64bit to 8 Exabyte Bug: 197868577 Tag: #refactor Test: gd/cert/run Ignore-AOSP-First: Security Change-Id: I1c347084d7617b1e364a3241f1b37b398a2a6c6a
author: Chris Manton <cmanton@google.com> 2021-09-29 17:49:25 -0700
committer: Chris Manton <cmanton@google.com> 2021-10-06 05:41:29 +0000
commit: fa98e7e86947b0035123b77cf7e1c0b969db71f6 (patch)
tree: fccb4a997aadecb39f88e85c054056bc2c8846be
parent: b474562c539b82887cbccc7b68d17877c579c2ff (diff)
download: bt-fa98e7e86947b0035123b77cf7e1c0b969db71f6.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/osi/src/allocator.cc b/osi/src/allocator.cc
index 1c0449e14..e2c356dd3 100644
--- a/osi/src/allocator.cc
+++ b/osi/src/allocator.cc
@@ -56,6 +56,7 @@ char* osi_strndup(const char* str, size_t len) {
 }
 
 void* osi_malloc(size_t size) {
+  CHECK(static_cast<ssize_t>(size) >= 0);
   size_t real_size = allocation_tracker_resize_for_canary(size);
   void* ptr = malloc(real_size);
   CHECK(ptr);
@@ -63,6 +64,7 @@ void* osi_malloc(size_t size) {
 }
 
 void* osi_calloc(size_t size) {
+  CHECK(static_cast<ssize_t>(size) >= 0);
   size_t real_size = allocation_tracker_resize_for_canary(size);
   void* ptr = calloc(1, real_size);
   CHECK(ptr);
author	Chris Manton <cmanton@google.com>	2021-09-29 17:49:25 -0700
committer	Chris Manton <cmanton@google.com>	2021-10-06 05:41:29 +0000
commit	fa98e7e86947b0035123b77cf7e1c0b969db71f6 (patch)
tree	fccb4a997aadecb39f88e85c054056bc2c8846be
parent	b474562c539b82887cbccc7b68d17877c579c2ff (diff)
download	bt-fa98e7e86947b0035123b77cf7e1c0b969db71f6.tar.gz