@@ -378,7 +378,17 @@ void *xmem_pool_alloc(unsigned long size
int fl, sl;
unsigned long tmp_size;
- size = (size < MIN_BLOCK_SIZE) ? MIN_BLOCK_SIZE : ROUNDUP_SIZE(size);
+ if ( size < MIN_BLOCK_SIZE )
+ size = MIN_BLOCK_SIZE;
+ else
+ {
+ tmp_size = ROUNDUP_SIZE(size);
+ /* Guard against overflow. */
+ if ( tmp_size < size )
+ return NULL;
+ size = tmp_size;
+ }
+
/* Rounding up the requested size and calculating fl and sl */
spin_lock(&pool->lock);
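Review bot: The added comment `/* Guard against overflow. */` does not say which expression wraps or why failing is the right response, and the same bare comment is repeated in the `_xmalloc` and `_xrealloc` hunks. Here I would write `/* ROUNDUP_SIZE() wraps for sizes close to ULONG_MAX; fail rather than continue with a size smaller than the caller asked for. */`. The context comment "Rounding up the requested size and calculating fl and sl" now sits below the rounding it describes and could be trimmed to the fl/sl part. The early `return NULL` comes before `spin_lock(&pool->lock)`, so no lock is left held on that path. The function body continues outside the hunk.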
@@ -594,6 +604,10 @@ void *_xmalloc(unsigned long size, unsig
align = MEM_ALIGN;
size += align - MEM_ALIGN;
+ /* Guard against overflow. */
+ if ( size < align - MEM_ALIGN )
+ return NULL;
+
if ( !xenpool )
tlsf_init();
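Review bot: The guard `if ( size < align - MEM_ALIGN )` is a valid wraparound test only when `align - MEM_ALIGN` cannot itself wrap, i.e. when `align >= MEM_ALIGN`. In this hunk that appears to be provided by the `align = MEM_ALIGN;` clamp on the context line above, whose condition lies outside the hunk. The `_xrealloc` hunk's test `tmp_size < size` has the same dependency, and no clamp is visible there. I would record the precondition beside both guards, e.g. `/* align >= MEM_ALIGN (clamped above), so a wrapped sum is smaller than the addend. */`, and confirm that `_xrealloc` clamps `align` before the `tmp_size` initialiser runs. Both function bodies continue outside their hunks.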
@@ -646,6 +660,10 @@ void *_xrealloc(void *ptr, unsigned long
unsigned long tmp_size = size + align - MEM_ALIGN;
const struct bhdr *b;
+ /* Guard against overflow. */
+ if ( tmp_size < size )
+ return NULL;
+
if ( tmp_size < PAGE_SIZE )
tmp_size = (tmp_size < MIN_BLOCK_SIZE) ? MIN_BLOCK_SIZE :
ROUNDUP_SIZE(tmp_size);