From 1a32e6e6b0f8efd825ba0c4fc4d144a65f799455 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 27 Mar 2018 14:56:04 +0200
Subject: util: check for overflows in xbsearch_r()

---
 src/basic/util.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/basic/util.c b/src/basic/util.c
index e096e3194..3ea2e6f67 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -186,11 +186,13 @@ void *xbsearch_r(const void *key, const void *base, size_t nmemb, size_t size,
         const void *p;
         int comparison;
 
+        assert(!size_multiply_overflow(nmemb, size));
+
         l = 0;
         u = nmemb;
         while (l < u) {
                 idx = (l + u) / 2;
-                p = (const char *) base + idx * size;
+                p = (const uint8_t*) base + idx * size;
                 comparison = compar(key, p, arg);
                 if (comparison < 0)
                         u = idx;
-- 
cgit v1.2.3