CVE-2021-27435: Add integer overflow check to the malloc wrappers by LDong-Arm · Pull Request #14408 · ARMmbed/mbed-os
The ARM mbed product, version 6.3.0, is vulnerable to an integer wrap-around in the malloc_wrapper function, which can lead to an allocation of arbitrary (unexpectedly small) size, resulting in unexpected behavior such as a crash or remote code injection/execution.
Summary of changes
Backport of #14407
Add a check that the combined size of the buffer to allocate and alloc_info_t does not exceed the maximum integer value representable by size_t.
Impact of changes
Migration actions required
Documentation
None.
Pull request type
[x] Patch update (Bug fix / Target update / Docs update / Test update / Refactor)
[ ] Feature update (New feature / Functionality change / New API)
[ ] Major update (Breaking change E.g. Return code change / API behaviour change)
Test results
[ ] No Tests required for this change (E.g docs only update)
[x] Covered by existing mbed-os tests (Greentea or Unittest)
[x] Tests / results supplied as part of this PR
Manual check: malloc(SIZE_MAX) now fails as expected.
Reviewers
@evedon @donatieng
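The overflow check described in the summary above, as an added example in C that is not the pull request's own code: the alloc_info_t layout and the names unchecked_total, checked_total, wrapped_malloc and wrapped_free are assumptions modelled on the description, showing the pre-fix wrapping arithmetic next to the hardened wrapper.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-in for the alloc_info_t header the PR refers to; the
 * wrapper prepends it to each block. Layout is an assumption, not mbed-os's own. */
typedef struct { size_t size; } alloc_info_t;

/* Pre-fix arithmetic: size_t wraps modulo 2^N, so SIZE_MAX + sizeof(header)
 * silently becomes sizeof(header) - 1, a tiny block the caller then overruns. */
size_t unchecked_total(size_t size)
{
    return size + sizeof(alloc_info_t);
}

/* Post-fix check: reject any request whose header-inclusive size would exceed
 * SIZE_MAX. Returns false on overflow and leaves *total unchanged. */
bool checked_total(size_t size, size_t *total)
{
    if (size > SIZE_MAX - sizeof(alloc_info_t)) {
        return false;
    }
    *total = size + sizeof(alloc_info_t);
    return true;
}

/* Hardened wrapper: NULL on overflow instead of a block far smaller than the
 * caller asked for. */
void *wrapped_malloc(size_t size)
{
    size_t total;
    if (!checked_total(size, &total)) {
        return NULL;
    }
    alloc_info_t *info = malloc(total);
    if (info == NULL) {
        return NULL;
    }
    info->size = size;
    return (void *)(info + 1); /* user pointer follows the header */
}

/* Release a block obtained from wrapped_malloc. */
void wrapped_free(void *ptr)
{
    if (ptr != NULL) {
        free((alloc_info_t *)ptr - 1);
    }
}
```

With the check in place, wrapped_malloc(SIZE_MAX) returns NULL, matching the manual check noted above, while ordinary sizes still succeed.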