vis(3): Avoid arithmetic overflow before calloc(3).
Prompted by PR lib/57573. XXX pullup-10 XXX pullup-9 XXX pullup-8
This commit is contained in:
parent
0da31b0324
commit
4476814b92
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: vis.c,v 1.78 2023/08/12 12:46:50 riastradh Exp $ */
|
||||
/* $NetBSD: vis.c,v 1.79 2023/08/12 12:47:17 riastradh Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 1989, 1993
|
||||
|
@ -57,7 +57,7 @@
|
|||
|
||||
#include <sys/cdefs.h>
|
||||
#if defined(LIBC_SCCS) && !defined(lint)
|
||||
__RCSID("$NetBSD: vis.c,v 1.78 2023/08/12 12:46:50 riastradh Exp $");
|
||||
__RCSID("$NetBSD: vis.c,v 1.79 2023/08/12 12:47:17 riastradh Exp $");
|
||||
#endif /* LIBC_SCCS and not lint */
|
||||
#ifdef __FBSDID
|
||||
__FBSDID("$FreeBSD$");
|
||||
|
@ -432,6 +432,14 @@ istrsenvisx(char **mbdstp, size_t *dlen, const char *mbsrc, size_t mblength,
|
|||
* return to the caller.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Guarantee the arithmetic on input to calloc won't overflow.
|
||||
*/
|
||||
if (mbslength > (SIZE_MAX - 1)/16) {
|
||||
errno = ENOMEM;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Allocate space for the wide char strings */
|
||||
psrc = pdst = extra = NULL;
|
||||
mdst = NULL;
|
||||
|
|
Loading…
Reference in New Issue