Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/lib/libwrap limit allocation to PTRDIFF_T to appease gcc-7, ...



details:   https://anonhg.NetBSD.org/src/rev/06b97703ea03
branches:  trunk
changeset: 996202:06b97703ea03
user:      christos <christos%NetBSD.org@localhost>
date:      Wed Jan 23 02:00:00 2019 +0000

description:
limit allocation to PTRDIFF_T to appease gcc-7, from mrg@

diffstat:

 lib/libwrap/expandm.c |  26 ++++++++++++++++++++------
 1 files changed, 20 insertions(+), 6 deletions(-)

diffs (53 lines):

diff -r cfe169a902f1 -r 06b97703ea03 lib/libwrap/expandm.c
--- a/lib/libwrap/expandm.c     Wed Jan 23 00:08:06 2019 +0000
+++ b/lib/libwrap/expandm.c     Wed Jan 23 02:00:00 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: expandm.c,v 1.8 2019/01/14 03:30:25 kre Exp $  */
+/*     $NetBSD: expandm.c,v 1.9 2019/01/23 02:00:00 christos Exp $     */
 
 /*-
  * Copyright (c) 2019 The NetBSD Foundation, Inc.
@@ -29,7 +29,7 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: expandm.c,v 1.8 2019/01/14 03:30:25 kre Exp $");
+__RCSID("$NetBSD: expandm.c,v 1.9 2019/01/23 02:00:00 christos Exp $");
 
 #include <limits.h>
 #include <stdio.h>
@@ -60,16 +60,30 @@
                for (char *p = m; p >= ptr && *p == '%'; p--)
                        cnt++;
 
-               if (__predict_false((m - ptr) >= INT_MAX)) {
+               size_t nlen = (size_t)(m - ptr);
+               /*
+                * we can't exceed INT_MAX because int is used as 
+                * a format width
+                */
+               if (__predict_false(nlen >= INT_MAX)) {
                        size_t blen = buf ? strlen(buf) : 0;
-                       size_t nlen = (size_t)(m - ptr);
+                       size_t tlen = nlen + blen;
 
-                       nbuf = realloc(buf, blen + nlen + 1);
+                       /*
+                        * We can't exceed PTRDIFF_MAX because we would
+                        * not be able to address the pointers
+                        */
+                       if (tlen >= PTRDIFF_MAX) {
+                               errno = EINVAL;
+                               goto out;
+                       }
+
+                       nbuf = realloc(buf, tlen + 1);
                        if (nbuf == NULL)
                                goto out;
 
                        memcpy(nbuf + blen, ptr, nlen);
-                       nbuf[blen + nlen] = '\0';
+                       nbuf[tlen] = '\0';
                        ptr += nlen;
                        buf = nbuf;
                }



Home | Main Index | Thread Index | Old Index