vis(3): Avoid arithmetic overflow before calloc(3).

Prompted by PR lib/57573.

XXX pullup-10
XXX pullup-9
XXX pullup-8
riastradh 2023-08-12 12:47:17 +00:00
parent 0da31b0324
commit 4476814b92
1 changed files with 10 additions and 2 deletions


@ -1,4 +1,4 @@
/* $NetBSD: vis.c,v 1.78 2023/08/12 12:46:50 riastradh Exp $ */ /* $NetBSD: vis.c,v 1.79 2023/08/12 12:47:17 riastradh Exp $ */
/*- /*-
* Copyright (c) 1989, 1993 * Copyright (c) 1989, 1993
@ -57,7 +57,7 @@
#include <sys/cdefs.h> #include <sys/cdefs.h>
#if defined(LIBC_SCCS) && !defined(lint) #if defined(LIBC_SCCS) && !defined(lint)
__RCSID("$NetBSD: vis.c,v 1.78 2023/08/12 12:46:50 riastradh Exp $"); __RCSID("$NetBSD: vis.c,v 1.79 2023/08/12 12:47:17 riastradh Exp $");
#endif /* LIBC_SCCS and not lint */ #endif /* LIBC_SCCS and not lint */
#ifdef __FBSDID #ifdef __FBSDID
__FBSDID("$FreeBSD$"); __FBSDID("$FreeBSD$");
@ -432,6 +432,14 @@ istrsenvisx(char **mbdstp, size_t *dlen, const char *mbsrc, size_t mblength,
* return to the caller. * return to the caller.
*/ */
/*
* Guarantee the arithmetic on input to calloc won't overflow.
*/
if (mbslength > (SIZE_MAX - 1)/16) {
errno = ENOMEM;
return -1;
}
/* Allocate space for the wide char strings */ /* Allocate space for the wide char strings */
psrc = pdst = extra = NULL; psrc = pdst = extra = NULL;
mdst = NULL; mdst = NULL;
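Review bot: The literal `16` in `if (mbslength > (SIZE_MAX - 1)/16)` is only correct while it matches the multiplier in the calloc(3) size expression, which lies outside this hunk. If the two drift apart, the size computation can wrap again and yield an undersized buffer. I would tie them together with a comment on the guard, e.g. `/* 16 and the +1 must match the worst-case expansion used in the calloc size below */`, or preferably a named constant shared by the guard and the allocation. It is also worth confirming that `<stdint.h>` and `<errno.h>` are included for `SIZE_MAX` and `ENOMEM`, since the include list is not visible here. The body of istrsenvisx starts and ends outside the hunk.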