Check for overflow when converting from size_t to 'int'.

author: Bruno Haible <bruno@clisp.org> 2003-10-30 14:09:04 +0000
committer: Bruno Haible <bruno@clisp.org> 2003-10-30 14:09:04 +0000
commit: e989260658cab39b391ef9dab1380024365332c8 (patch)
tree: 75a87142a160bce97661abdb27d3b8e83c54d3ec /lib/vasprintf.c
parent: 25c83b47df5ba2528dd425a5f97136539d8d3d10 (diff)
download: gnulib-e989260658cab39b391ef9dab1380024365332c8.tar.gz
1 files changed, 12 insertions, 1 deletions
diff --git a/lib/vasprintf.c b/lib/vasprintf.c
index 7c8f212d72..bda9aa1b0f 100644
--- a/lib/vasprintf.c
+++ b/lib/vasprintf.c
@@ -1,5 +1,5 @@
 /* Formatted output to strings.
-   Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+   Copyright (C) 1999, 2002-2003 Free Software Foundation, Inc.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -22,6 +22,9 @@
 /* Specification.  */
 #include "vasprintf.h"
 
+#include <limits.h>
+#include <stdlib.h>
+
 #include "vasnprintf.h"
 
 int
@@ -31,6 +34,14 @@ vasprintf (char **resultp, const char *format, va_list args)
   char *result = vasnprintf (NULL, &length, format, args);
   if (result == NULL)
     return -1;
+  if (length > INT_MAX)
+    {
+      /* We could produce such a big string, but can't return its length
+	 as an 'int'.  */
+      free (result);
+      return -1;
+    }
+
   *resultp = result;
   /* Return the number of resulting bytes, excluding the trailing NUL.  */
   return length;
author	Bruno Haible <bruno@clisp.org>	2003-10-30 14:09:04 +0000
committer	Bruno Haible <bruno@clisp.org>	2003-10-30 14:09:04 +0000
commit	e989260658cab39b391ef9dab1380024365332c8 (patch)
tree	75a87142a160bce97661abdb27d3b8e83c54d3ec /lib/vasprintf.c
parent	25c83b47df5ba2528dd425a5f97136539d8d3d10 (diff)
download	gnulib-e989260658cab39b391ef9dab1380024365332c8.tar.gz