From e989260658cab39b391ef9dab1380024365332c8 Mon Sep 17 00:00:00 2001
From: Bruno Haible <bruno@clisp.org>
Date: Thu, 30 Oct 2003 14:09:04 +0000
Subject: Check for overflow when converting from size_t to 'int'.

---
 lib/vasprintf.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'lib/vasprintf.c')

diff --git a/lib/vasprintf.c b/lib/vasprintf.c
index 7c8f212d72..bda9aa1b0f 100644
--- a/lib/vasprintf.c
+++ b/lib/vasprintf.c
@@ -1,5 +1,5 @@
 /* Formatted output to strings.
-   Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+   Copyright (C) 1999, 2002-2003 Free Software Foundation, Inc.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -22,6 +22,9 @@
 /* Specification.  */
 #include "vasprintf.h"
 
+#include <limits.h>
+#include <stdlib.h>
+
 #include "vasnprintf.h"
 
 int
@@ -31,6 +34,14 @@ vasprintf (char **resultp, const char *format, va_list args)
   char *result = vasnprintf (NULL, &length, format, args);
   if (result == NULL)
     return -1;
+  if (length > INT_MAX)
+    {
+      /* We could produce such a big string, but can't return its length
+	 as an 'int'.  */
+      free (result);
+      return -1;
+    }
+
   *resultp = result;
   /* Return the number of resulting bytes, excluding the trailing NUL.  */
   return length;
-- 
cgit v1.2.1