Check for allocation size overflows

Avoid integer overflows in allocation size variables to avoid passing 0
to xrealloc().

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Christian Göttsche
2024-02-02 20:06:26 +01:00
parent 9aa1b3636b
commit 422c078ed8


@@ -19,6 +19,7 @@
#include "config.h" #include "config.h"
#include "utils.h" #include "utils.h"
#include <stdint.h>
#include <sys/syscall.h> #include <sys/syscall.h>
#include <sys/socket.h> #include <sys/socket.h>
#ifdef HAVE_SELINUX #ifdef HAVE_SELINUX
@@ -594,6 +595,12 @@ load_file_data (int fd,
{ {
if (data_len == data_read + 1) if (data_len == data_read + 1)
{ {
if (data_len > SIZE_MAX / 2)
{
errno = EFBIG;
return NULL;
}
data_len *= 2; data_len *= 2;
data = xrealloc (data, data_len); data = xrealloc (data, data_len);
} }
@@ -820,6 +827,8 @@ readlink_malloc (const char *pathname)
do do
{ {
if (size > SIZE_MAX / 2)
die ("Symbolic link target pathname too long");
size *= 2; size *= 2;
value = xrealloc (value, size); value = xrealloc (value, size);
n = readlink (pathname, value, size - 1); n = readlink (pathname, value, size - 1);
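Review bot: The two new overflow guards fail in different ways and neither says why. In load_file_data the `data_len > SIZE_MAX / 2` check sets `errno = EFBIG` and returns NULL, while the equivalent `size > SIZE_MAX / 2` check in readlink_malloc calls `die ()` and ends the process. If the asymmetry is intended, a short comment above each guard would make it reviewable, for example `/* data_len * 2 must not wrap: a wrapped size would make xrealloc shrink the buffer */`. The new early `return NULL` in load_file_data also relies on whatever cleanup the declaration of `data` provides, so confirm the buffer is released on this path. That declaration, and the start and end of both functions, lie outside the visible hunks.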