From 98088803bb2a9f89b7bbc063123dda3343138f18 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 10 Dec 2013 18:53:03 +0000
Subject: util: check for overflow in greedy_realloc()

---
 src/shared/util.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'src/shared')

diff --git a/src/shared/util.c b/src/shared/util.c
index 9c07392c59..1c35edfbb1 100644
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -5792,12 +5792,18 @@ void* greedy_realloc(void **p, size_t *allocated, size_t need) {
         size_t a;
         void *q;
 
+        assert(p);
         assert(allocated);
 
         if (*allocated >= need)
                 return *p;
 
         a = MAX(64u, need * 2);
+
+        /* check for overflows */
+        if (a < need)
+                return NULL;
+
         q = realloc(*p, a);
         if (!q)
                 return NULL;
@@ -5808,9 +5814,14 @@ void* greedy_realloc(void **p, size_t *allocated, size_t need) {
 }
 
 void* greedy_realloc0(void **p, size_t *allocated, size_t need) {
-        size_t prev = *allocated;
+        size_t prev;
         uint8_t *q;
 
+        assert(p);
+        assert(allocated);
+
+        prev = *allocated;
+
         q = greedy_realloc(p, allocated, need);
         if (!q)
                 return NULL;
-- 
cgit v1.2.3-54-g00ecf