strv: add an additional overflow check when enlarging strv()s

https://bugs.freedesktop.org/show_bug.cgi?id=76745 This also adds: strv: use realloc_multiply() to check for multiplication overflow by Michal Schmidt <mschmidt@redhat.com> This could overflow on 32bit, where size_t is the same as unsigned. Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
author: Lennart Poettering <lennart@poettering.net> 2014-10-22 07:16:37 -0400
committer: Anthony G. Basile <blueness@gentoo.org> 2014-10-22 07:20:57 -0400
commit: 86d54f4f8c4535e663ae706dd270bd80d5af7b99 (patch)
tree: 7c9261e30df351cc666dbab3877c45035c85e7ec /src/shared/strv.c
parent: 8c0283472139212aab685b42f85142a9148fc7ef (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/src/shared/strv.c b/src/shared/strv.c
index 7c43f256d3..85ae556c16 100644
--- a/src/shared/strv.c
+++ b/src/shared/strv.c
@@ -142,13 +142,19 @@ char **strv_new(const char *x, ...) {
 
 int strv_push(char ***l, char *value) {
         char **c;
-        unsigned n;
+        unsigned n, m;
 
         if (!value)
                 return 0;
 
         n = strv_length(*l);
-        c = realloc(*l, sizeof(char*) * (n + 2));
+
+        /* increase and check for overflow */
+        m = n + 2;
+        if (m < n)
+                return -ENOMEM;
+
+        c = realloc_multiply(*l, sizeof(char*), m);
         if (!c)
                 return -ENOMEM;
author	Lennart Poettering <lennart@poettering.net>	2014-10-22 07:16:37 -0400
committer	Anthony G. Basile <blueness@gentoo.org>	2014-10-22 07:20:57 -0400
commit	86d54f4f8c4535e663ae706dd270bd80d5af7b99 (patch)
tree	7c9261e30df351cc666dbab3877c45035c85e7ec /src/shared/strv.c
parent	8c0283472139212aab685b42f85142a9148fc7ef (diff)