diff: add integer overflow checking

* src/diff.c (option_list, main): Check for integer overflow in some unlikely and hard-to-test cases.
author: Paul Eggert <eggert@cs.ucla.edu> 2021-08-22 13:54:04 -0700
committer: Paul Eggert <eggert@cs.ucla.edu> 2021-08-22 14:02:22 -0700
commit: b05f7f54e4fe5c0d67128aaafa74f2a04b74752b (patch)
tree: cc81328d18ba3c7a633ce857d672a0355e60e9d9
parent: 57e5c514dfe12ccaf6c12d2b07047bd15ee306fb (diff)
download: diffutils-b05f7f54e4fe5c0d67128aaafa74f2a04b74752b.tar.gz
1 files changed, 12 insertions, 3 deletions
diff --git a/src/diff.c b/src/diff.c
index 36cc76a..a4e5538 100644
--- a/src/diff.c
+++ b/src/diff.c
@@ -245,7 +245,11 @@ option_list (char **optionvec, int count)
   char *p;
 
   for (i = 0; i < count; i++)
-    size += 1 + shell_quote_length (optionvec[i]);
+    {
+      size_t optsize = 1 + shell_quote_length (optionvec[i]);
+      if (INT_ADD_WRAPV (optsize, size, &size))
+	xalloc_die ();
+    }
 
   p = result = xmalloc (size);
 
@@ -402,8 +406,13 @@ main (int argc, char **argv)
 		 "%>"
 		 "#endif /* @ */\n");
 
-	    char *b = xmalloc (sizeof C_ifdef_group_formats
-			       + 7 * strlen (optarg) - 7 /* 7*"@" */);
+	    size_t alloc = strlen (optarg);
+	    if (INT_MULTIPLY_WRAPV (alloc, 7, &alloc)
+		|| INT_ADD_WRAPV (alloc,
+				  sizeof C_ifdef_group_formats - 7 /* 7*"@" */,
+				  &alloc))
+	      xalloc_die ();
+	    char *b = xmalloc (alloc);
 	    char *base = b;
 	    int changes = 0;
author	Paul Eggert <eggert@cs.ucla.edu>	2021-08-22 13:54:04 -0700
committer	Paul Eggert <eggert@cs.ucla.edu>	2021-08-22 14:02:22 -0700
commit	b05f7f54e4fe5c0d67128aaafa74f2a04b74752b (patch)
tree	cc81328d18ba3c7a633ce857d672a0355e60e9d9
parent	57e5c514dfe12ccaf6c12d2b07047bd15ee306fb (diff)
download	diffutils-b05f7f54e4fe5c0d67128aaafa74f2a04b74752b.tar.gz