diff options
author | Lennart Poettering <lennart@poettering.net> | 2013-12-10 18:53:03 +0000 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2013-12-10 18:53:56 +0000 |
commit | 98088803bb2a9f89b7bbc063123dda3343138f18 (patch) | |
tree | edb1cb891fd460ac6df926e61f90ae9af75cc653 /src | |
parent | e77f18939b849e636591309ef2f400b6dd537b60 (diff) |
util: check for overflow in greedy_realloc()
Diffstat (limited to 'src')
-rw-r--r-- | src/shared/util.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/shared/util.c b/src/shared/util.c index 9c07392c59..1c35edfbb1 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -5792,12 +5792,18 @@ void* greedy_realloc(void **p, size_t *allocated, size_t need) { size_t a; void *q; + assert(p); assert(allocated); if (*allocated >= need) return *p; a = MAX(64u, need * 2); + + /* check for overflows */ + if (a < need) + return NULL; + q = realloc(*p, a); if (!q) return NULL; @@ -5808,9 +5814,14 @@ void* greedy_realloc(void **p, size_t *allocated, size_t need) { } void* greedy_realloc0(void **p, size_t *allocated, size_t need) { - size_t prev = *allocated; + size_t prev; uint8_t *q; + assert(p); + assert(allocated); + + prev = *allocated; + q = greedy_realloc(p, allocated, need); if (!q) return NULL; |