commit 4ae0717157fe75f8c600ff01dded24c2a723af4b
parent f16ec686af5b4b85ac6c5959361c2156259bd0e9
Author: sin <sin@2f30.org>
Date: Tue, 26 Feb 2019 11:02:47 +0000
Detect overflow before realloc
Diffstat:
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/dedup.c b/dedup.c
@@ -4,6 +4,7 @@
#include <err.h>
#include <fcntl.h>
+#include <limits.h>
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
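Review bot: The added `#include <limits.h>` looks unnecessary for this change, because C99 defines `SIZE_MAX` in `<stdint.h>`, which the context lines show is already included. Unless something outside this hunk needs a `<limits.h>` constant, the include can be dropped so the header list reflects what the file actually uses.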
@@ -135,10 +136,17 @@ free_snap(struct snapshot *snap)
static struct snapshot *
grow_snap(struct snapshot *snap, uint64_t nr_blk_descs)
{
- size_t size;
+ size_t size, mul;
+
+ if (nr_blk_descs > SIZE_MAX / sizeof(snap->blk_desc[0]))
+ errx(1, "grow_snap: overflow");
+ mul = nr_blk_descs * sizeof(snap->blk_desc[0]);
size = sizeof(*snap);
- size += nr_blk_descs * sizeof(snap->blk_desc[0]);
+ if (size > SIZE_MAX - mul)
+ errx(1, "grow_snap: overflow");
+ size += mul;
+
snap = realloc(snap, size);
if (snap == NULL)
err(1, "realloc");
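Review bot: The two new guards in grow_snap have no comment saying why they exist, and both exit with the same text `grow_snap: overflow`, so a failure report cannot tell the multiply check from the add check. I would put `/* nr_blk_descs is 64-bit: reject counts whose byte size would wrap size_t, otherwise realloc returns an undersized buffer */` above the first check and give the second a distinct message such as `errx(1, "grow_snap: header size overflow");`. The checks themselves are correct, dividing `SIZE_MAX` before the multiply and subtracting before the add. The callers are outside the hunk; if `nr_blk_descs` can come from stored snapshot data, it would also be worth bounding it against what the file can actually hold, since a huge but non-wrapping count still reaches `realloc`. The body of grow_snap continues past the end of the hunk.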