summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-10-22 07:16:37 -0400
committerAnthony G. Basile <blueness@gentoo.org>2014-10-22 07:20:57 -0400
commit86d54f4f8c4535e663ae706dd270bd80d5af7b99 (patch)
tree7c9261e30df351cc666dbab3877c45035c85e7ec
parent8c0283472139212aab685b42f85142a9148fc7ef (diff)
strv: add an additional overflow check when enlarging strv()s
https://bugs.freedesktop.org/show_bug.cgi?id=76745 This also adds: strv: use realloc_multiply() to check for multiplication overflow by Michal Schmidt <mschmidt@redhat.com> This could overflow on 32bit, where size_t is the same as unsigned. Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
-rw-r--r--src/shared/strv.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/src/shared/strv.c b/src/shared/strv.c
index 7c43f256d3..85ae556c16 100644
--- a/src/shared/strv.c
+++ b/src/shared/strv.c
@@ -142,13 +142,19 @@ char **strv_new(const char *x, ...) {
int strv_push(char ***l, char *value) {
char **c;
- unsigned n;
+ unsigned n, m;
if (!value)
return 0;
n = strv_length(*l);
- c = realloc(*l, sizeof(char*) * (n + 2));
+
+ /* increase and check for overflow */
+ m = n + 2;
+ if (m < n)
+ return -ENOMEM;
+
+ c = realloc_multiply(*l, sizeof(char*), m);
if (!c)
return -ENOMEM;