diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-10-02 12:15:22 +0200 |
---|---|---|
committer | Sven Eden <sven.eden@prydeworx.com> | 2018-10-29 10:18:28 +0100 |
commit | 170b60b25b486805483c25a47ac85a6adf526084 (patch) | |
tree | 9947ba4ac6bb6cc060807e12086aa01e0350ac40 /src | |
parent | ecdabcedb0569eef869dff7d62526ee2647608f5 (diff) |
basic/hexdecoct: check for overflow
LGTM was complaining:
> Multiplication result may overflow 'int' before it is converted to 'long'.
Fix this by changing all types to ssize_t and add a check for overflow
while at it.
(cherry picked from commit 3d6c1844744f631995af72867d5f293430d8015b)
Diffstat (limited to 'src')
-rw-r--r-- | src/basic/hexdecoct.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/basic/hexdecoct.c b/src/basic/hexdecoct.c index 7748e8352..e402ba82e 100644 --- a/src/basic/hexdecoct.c +++ b/src/basic/hexdecoct.c @@ -592,8 +592,7 @@ static int base64_append_width( _cleanup_free_ char *x = NULL; char *t, *s; - ssize_t slen, len, avail; - int line, lines; + ssize_t len, slen, avail, line, lines; len = base64mem(p, l, &x); if (len <= 0) @@ -602,6 +601,9 @@ static int base64_append_width( lines = DIV_ROUND_UP(len, width); slen = strlen_ptr(sep); + if (lines > (SSIZE_MAX - plen - 1 - slen) / (indent + width + 1)) + return -ENOMEM; + t = realloc(*prefix, plen + 1 + slen + (indent + width + 1) * lines); if (!t) return -ENOMEM; |