And as long as we're attempting to achieve perfection in code
that is never going to be executed, let's also check for possible overflow in a sum that will never be computed...
parent
1f29642da2
commit
bcc54a5c42
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: expandm.c,v 1.10 2019/01/23 02:32:06 kre Exp $ */
|
||||
/* $NetBSD: expandm.c,v 1.11 2019/01/23 02:48:48 kre Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2019 The NetBSD Foundation, Inc.
|
||||
|
@ -29,7 +29,7 @@
|
|||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include <sys/cdefs.h>
|
||||
__RCSID("$NetBSD: expandm.c,v 1.10 2019/01/23 02:32:06 kre Exp $");
|
||||
__RCSID("$NetBSD: expandm.c,v 1.11 2019/01/23 02:48:48 kre Exp $");
|
||||
|
||||
#include <limits.h>
|
||||
#include <stdio.h>
|
||||
|
@ -68,7 +68,19 @@ expandm(const char *fmt, const char *sf, char **rbuf)
|
|||
*/
|
||||
if (__predict_false(nlen >= INT_MAX)) {
|
||||
size_t blen = buf ? strlen(buf) : 0;
|
||||
size_t tlen = nlen + blen;
|
||||
size_t tlen;
|
||||
|
||||
/*
|
||||
* if we would overflow a ptrdiff_t when computing
|
||||
* tlen, then don't bother. The format string is
|
||||
* simply too large to be converted.
|
||||
*/
|
||||
if (blen >= PTRDIFF_MAX ||
|
||||
nlen >= PTRDIFF_MAX - blen ||
|
||||
nlen >= SIZE_T_MAX - blen)
|
||||
goto out;
|
||||
|
||||
tlen = nlen + blen;
|
||||
|
||||
/*
|
||||
* We can't exceed PTRDIFF_MAX because we would
|
||||
|
|
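Review bot: In the new guard inside `if (__predict_false(nlen >= INT_MAX))`, the third clause `nlen >= SIZE_T_MAX - blen` can never be the one that fires on a platform where PTRDIFF_MAX does not exceed SIZE_T_MAX, because `nlen >= PTRDIFF_MAX - blen` has already rejected every such value. What keeps the check sound is the order of the clauses: `blen >= PTRDIFF_MAX` has to be tested first so that `PTRDIFF_MAX - blen` cannot wrap as an unsigned subtraction, and that dependency deserves a comment such as `/* blen is tested first so the subtractions below cannot wrap */`. The comparisons also mix the signed PTRDIFF_MAX with size_t operands, so writing `(size_t)PTRDIFF_MAX` would make the intended unsigned arithmetic explicit and keep sign-compare warnings quiet. The body of expandm and the `out` label lie outside the hunk, so what the caller receives on this early-exit path cannot be confirmed from here.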