scc

simple C compiler
git clone git://git.2f30.org/scc

commit 86f5bf37e46015bab156c5e462f4a16cd502d552
parent 91088df2692cc0c89f0828c12dd8ff8850e39de3
Author: Quentin Rameau <quinq@fifth.space>
Date:   Sat, 18 Jun 2016 15:25:28 +0200

[driver] fix possible overflow in newitem()

Diffstat:
Mdriver/posix/scc.c | 11+++++++----
Minc/cc.h | 4++--
Mlib/newitem.c | 8++++++--
3 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/driver/posix/scc.c b/driver/posix/scc.c @@ -32,7 +32,8 @@ static struct tool { char bin[16]; char *outfile; struct items args; - int nparams, in, out, init; + unsigned nparams; + int in, out, init; pid_t pid; } tools[] = { [CC1] = { .bin = "cc1", .cmd = PREFIX "/libexec/scc/", }, @@ -56,7 +57,7 @@ extern int failure; static void terminate(void) { - int i; + unsigned i; if (!kflag) { for (i = 0; i < objtmp.n; ++i) @@ -165,7 +166,8 @@ static int settool(int tool, char *infile, int nexttool) { struct tool *t = &tools[tool]; - int i, fds[2]; + unsigned i; + int fds[2]; static int fdin = -1; switch (tool) { @@ -277,7 +279,8 @@ static int validatetools(void) { struct tool *t; - int i, tool, st, failed = LAST_TOOL; + unsigned i; + int tool, st, failed = LAST_TOOL; for (tool = 0; tool < LAST_TOOL; ++tool) { t = &tools[tool]; diff --git a/inc/cc.h b/inc/cc.h @@ -16,12 +16,12 @@ extern int debug; struct items { char **s; - int n; + unsigned n; }; extern void die(const char *fmt, ...); extern void dbg(const char *fmt, ...); -extern char **newitem(char **array, int num, char *item); +extern char **newitem(char **array, unsigned num, char *item); extern void *xmalloc(size_t size); extern void *xcalloc(size_t nmemb, size_t size); extern char *xstrdup(const char *s); diff --git a/lib/newitem.c b/lib/newitem.c @@ -1,10 +1,14 @@ #include "../inc/cc.h" char ** -newitem(char **array, int num, char *item) +newitem(char **array, unsigned num, char *item) { - char **ar = xrealloc(array, (num + 1) * sizeof(char **)); + char **ar; + if ((num + 1) < num) + die("newitem: overflow (%u + 1)", num); + + ar = xrealloc(array, (num + 1) * sizeof(char **)); ar[num] = item; return ar;
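Review bot: The `unsigned num` parameter in the `newitem()` prototype in inc/cc.h removes the signed overflow, but the guard added in lib/newitem.c, `(num + 1) < num`, only fires at `num == UINT_MAX`, and the byte count `(num + 1) * sizeof(char **)` passed to `xrealloc` is not checked at all. Where `size_t` is no wider than `unsigned`, that product can wrap for a much smaller `num`, and the following `ar[num] = item` would then store past a short allocation. Bounding the product as well would close this: `if (num + 1 < num || num + 1 > SIZE_MAX / sizeof(char *)) die("newitem: overflow (%u + 1)", num);` (`SIZE_MAX` comes from `<stdint.h>`, and the includes of cc.h are not visible on this page). Since `struct items` and this prototype are the contract callers rely on, a comment above the declaration such as `/* stores item at index num; returns the reallocated array, dies on overflow */` would also help.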