diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-10-22 07:16:37 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2014-10-22 07:20:57 -0400 |
commit | 86d54f4f8c4535e663ae706dd270bd80d5af7b99 (patch) | |
tree | 7c9261e30df351cc666dbab3877c45035c85e7ec /src/shared | |
parent | 8c0283472139212aab685b42f85142a9148fc7ef (diff) |
strv: add an additional overflow check when enlarging strv()s
https://bugs.freedesktop.org/show_bug.cgi?id=76745
This also adds:
strv: use realloc_multiply() to check for multiplication overflow
by Michal Schmidt <mschmidt@redhat.com>
This could overflow on 32bit, where size_t is the same as unsigned.
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
Diffstat (limited to 'src/shared')
-rw-r--r-- | src/shared/strv.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/shared/strv.c b/src/shared/strv.c index 7c43f256d3..85ae556c16 100644 --- a/src/shared/strv.c +++ b/src/shared/strv.c @@ -142,13 +142,19 @@ char **strv_new(const char *x, ...) { int strv_push(char ***l, char *value) { char **c; - unsigned n; + unsigned n, m; if (!value) return 0; n = strv_length(*l); - c = realloc(*l, sizeof(char*) * (n + 2)); + + /* increase and check for overflow */ + m = n + 2; + if (m < n) + return -ENOMEM; + + c = realloc_multiply(*l, sizeof(char*), m); if (!c) return -ENOMEM; |