summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-10-21 14:01:28 +0200
committerLennart Poettering <lennart@poettering.net>2014-10-21 14:01:28 +0200
commit97569e154b80541cbad39d78231b7f360d4ff058 (patch)
tree14f9d425736b76d0b90390dad8f961556dc78fab
parentbb604b2f42e8769947c6cf1c0242760ceb320929 (diff)
strv: add an additional overflow check when enlarging strv()s
https://bugs.freedesktop.org/show_bug.cgi?id=76745
-rw-r--r--src/shared/strv.c20
1 files changed, 16 insertions, 4 deletions
diff --git a/src/shared/strv.c b/src/shared/strv.c
index 0df978d23b..efa648df88 100644
--- a/src/shared/strv.c
+++ b/src/shared/strv.c
@@ -380,13 +380,19 @@ char *strv_join_quoted(char **l) {
int strv_push(char ***l, char *value) {
char **c;
- unsigned n;
+ unsigned n, m;
if (!value)
return 0;
n = strv_length(*l);
- c = realloc(*l, sizeof(char*) * (n + 2));
+
+ /* increase and check for overflow */
+ m = n + 2;
+ if (m < n)
+ return -ENOMEM;
+
+ c = realloc(*l, sizeof(char*) * (size_t) m);
if (!c)
return -ENOMEM;
@@ -399,13 +405,19 @@ int strv_push(char ***l, char *value) {
int strv_push_prepend(char ***l, char *value) {
char **c;
- unsigned n, i;
+ unsigned n, m, i;
if (!value)
return 0;
n = strv_length(*l);
- c = new(char*, n + 2);
+
+ /* increase and check for overflow */
+ m = n + 2;
+ if (m < n)
+ return -ENOMEM;
+
+ c = new(char*, m);
if (!c)
return -ENOMEM;