X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/3903760236c30e3b5ace7a4eefac3a269d68957c..d9a64523371fa019c4575bb400cbbc3a50ac9903:/bsd/security/audit/audit_bsd.c

diff --git a/bsd/security/audit/audit_bsd.c b/bsd/security/audit/audit_bsd.c
index a08ab453d..5a6ea3750 100644
--- a/bsd/security/audit/audit_bsd.c
+++ b/bsd/security/audit/audit_bsd.c
@@ -51,6 +51,8 @@
 #include <mach/host_special_ports.h>
 #include <mach/audit_triggers_server.h>
 
+#include <os/overflow.h>
+
 extern void ipc_port_release_send(ipc_port_t port);
 
 #if CONFIG_AUDIT
@@ -182,7 +184,10 @@ _audit_malloc(size_t size, au_malloc_type_t *type, int flags)
 #endif
 {
 	struct mhdr	*hdr;
-	size_t	memsize = sizeof (*hdr) + size;
+	size_t	memsize;
+	if (os_add_overflow(sizeof(*hdr), size, &memsize)) {
+		return (NULL);
+	}
 
 	if (size == 0)
 		return (NULL);
@@ -229,8 +234,9 @@ _audit_free(void *addr, __unused au_malloc_type_t *type)
 		return;
 	hdr = addr; hdr--;
 
-	KASSERT(hdr->mh_magic == AUDIT_MHMAGIC,
-	    ("_audit_free(): hdr->mh_magic != AUDIT_MHMAGIC"));
+	if (hdr->mh_magic != AUDIT_MHMAGIC) {
+	    panic("_audit_free(): hdr->mh_magic (%lx) != AUDIT_MHMAGIC", hdr->mh_magic);
+	}
 
 #if AUDIT_MALLOC_DEBUG
 	if (type != NULL) {