malloc and buffer overflow attacks

Walter Bright newshound2 at
Fri Dec 31 00:13:56 UTC 2021

While D offers buffer overflow detection, it does not protect against buffer 
overflows resulting from an array size calculation overflow:

     T* p = cast(T*)malloc(len * T.sizeof);

What if `len*T.sizeof` overflows? malloc() will succeed, but the result will be 
too small for the data.

I decided to grep dmd for such allocations:

and fix them with overflow checks. I recommend everyone check their own projects 
and eliminate such vulnerabilities.

I post this as I've recently seen reports on malware injection being enabled by 
presenting specially crafted input data to a program that causes an overflow on 
the allocation, then overwrites the data beyond the truncated allocated memory.

More information about the Digitalmars-d mailing list