diff options
author | Paul Eggert <eggert@cs.ucla.edu> | 2021-08-22 13:54:04 -0700 |
---|---|---|
committer | Paul Eggert <eggert@cs.ucla.edu> | 2021-08-22 14:02:22 -0700 |
commit | b05f7f54e4fe5c0d67128aaafa74f2a04b74752b (patch) | |
tree | cc81328d18ba3c7a633ce857d672a0355e60e9d9 | |
parent | 57e5c514dfe12ccaf6c12d2b07047bd15ee306fb (diff) | |
download | diffutils-b05f7f54e4fe5c0d67128aaafa74f2a04b74752b.tar.gz |
diff: add integer overflow checking
* src/diff.c (option_list, main): Check for integer overflow
in some unlikely and hard-to-test cases.
-rw-r--r-- | src/diff.c | 15 |
1 files changed, 12 insertions, 3 deletions
@@ -245,7 +245,11 @@ option_list (char **optionvec, int count) char *p; for (i = 0; i < count; i++) - size += 1 + shell_quote_length (optionvec[i]); + { + size_t optsize = 1 + shell_quote_length (optionvec[i]); + if (INT_ADD_WRAPV (optsize, size, &size)) + xalloc_die (); + } p = result = xmalloc (size); @@ -402,8 +406,13 @@ main (int argc, char **argv) "%>" "#endif /* @ */\n"); - char *b = xmalloc (sizeof C_ifdef_group_formats - + 7 * strlen (optarg) - 7 /* 7*"@" */); + size_t alloc = strlen (optarg); + if (INT_MULTIPLY_WRAPV (alloc, 7, &alloc) + || INT_ADD_WRAPV (alloc, + sizeof C_ifdef_group_formats - 7 /* 7*"@" */, + &alloc)) + xalloc_die (); + char *b = xmalloc (alloc); char *base = b; int changes = 0; |