Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 433992 (CVE-2002-2439) - <sys-devel/gcc-4.8.0: Integer overflow can occur during the computation of the memory region size for new[] operator (CVE-2002-2439)
Summary: <sys-devel/gcc-4.8.0: Integer overflow can occur during the computation of th...
Alias: CVE-2002-2439
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [noglsa cve]
Depends on:
Reported: 2012-09-05 05:17 UTC by Agostino Sarubbo
Modified: 2017-04-17 00:45 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-09-05 05:17:56 UTC
From red hat bugzilla at $URL:

It was reported that C++ new[] operator was previously missing integer overflow / wrap around checks for its arguments. If an application compiled with gcc accepted untrusted input for memory allocation and was missing application-level checks for integer overflows of arguments, provided to the new[] operator, an attacker could use this flaw to cause the memory region, allocated in the end for the new[] operator statement, it to be smaller than truly required, possibly leading to heap-based buffer overflows.

Upstream bug report:

Upstream patch:

Proposed upstream patch for the __cxa_vec_new yet (pending upstream review):

Comment 1
Comment 1 Ryan Hill (RETIRED) gentoo-dev 2012-09-09 19:19:58 UTC
If anything that's a security enhancement for badly written programs, not a vulnerability itself.
Comment 2 SpanKY gentoo-dev 2012-09-10 05:29:26 UTC
it's not entirely clear whether the patch changes the ABI (they mention using a new symbol).  if it does, then we won't be doing a backport of it.
Comment 3 Agostino Sarubbo gentoo-dev 2012-11-05 19:54:39 UTC
Comment 4 Chris Reffett (RETIRED) gentoo-dev Security 2013-07-08 23:07:09 UTC
Seems to be fixed in 4.8.0.
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2016-02-21 06:43:42 UTC
Bug fixed in 4.8.0 as previous comment notes.  Below is a link to redhat's bugzilla stating the impact of backporting a patch.  

@base-system and @toolchain, please advise on backport. Doubtful a cleanup is possible here for compatibility reasons.
Comment 6 SpanKY gentoo-dev 2016-02-21 08:05:19 UTC
no plans to backport or clean up.  gcc-4.9 is stable across the board at this point.
Comment 7 Yury German Gentoo Infrastructure gentoo-dev 2017-04-17 00:45:23 UTC
GLSA Vote No

Thank you all for your work
Closing no GLSA