Merge pull request #2895 from ethomson/alloc_overflow

allocations: test for overflow of requested size
author: Carlos Martín Nieto <cmn@dwim.me> 2015-02-15 05:13:50 +0100
committer: Carlos Martín Nieto <cmn@dwim.me> 2015-02-15 05:13:50 +0100
commit: a7fa970f8b216b79a5d237a9d87ac88e2371ae46 (patch)
tree: 3edf83ca5682fcca6f6f2bef1e089f89ccc85017 /src/posix.c
parent: b23c206e591260bb184990fea4a8104f7b27b897 (diff)
parent: 0f07d54b44825399e5d13499328135771c8d0b43 (diff)
download: libgit2-a7fa970f8b216b79a5d237a9d87ac88e2371ae46.tar.gz
1 files changed, 11 insertions, 1 deletions
diff --git a/src/posix.c b/src/posix.c
index d5e6875b5..8d86aa8bf 100644
--- a/src/posix.c
+++ b/src/posix.c
@@ -155,6 +155,14 @@ ssize_t p_read(git_file fd, void *buf, size_t cnt)
 {
 	char *b = buf;
 
+	if (!git__is_ssizet(cnt)) {
+#ifdef GIT_WIN32
+		SetLastError(ERROR_INVALID_PARAMETER);
+#endif
+		errno = EINVAL;
+		return -1;
+	}
+
 	while (cnt) {
 		ssize_t r;
 #ifdef GIT_WIN32
@@ -229,7 +237,9 @@ int p_mmap(git_map *out, size_t len, int prot, int flags, int fd, git_off_t offs
 	out->data = malloc(len);
 	GITERR_CHECK_ALLOC(out->data);
 
-	if ((p_lseek(fd, offset, SEEK_SET) < 0) || ((size_t)p_read(fd, out->data, len) != len)) {
+	if (!git__is_ssizet(len) ||
+		(p_lseek(fd, offset, SEEK_SET) < 0) ||
+		(p_read(fd, out->data, len) != (ssize_t)len)) {
 		giterr_set(GITERR_OS, "mmap emulation failed");
 		return -1;
 	}
author	Carlos Martín Nieto <cmn@dwim.me>	2015-02-15 05:13:50 +0100
committer	Carlos Martín Nieto <cmn@dwim.me>	2015-02-15 05:13:50 +0100
commit	a7fa970f8b216b79a5d237a9d87ac88e2371ae46 (patch)
tree	3edf83ca5682fcca6f6f2bef1e089f89ccc85017 /src/posix.c
parent	b23c206e591260bb184990fea4a8104f7b27b897 (diff)
parent	0f07d54b44825399e5d13499328135771c8d0b43 (diff)
download	libgit2-a7fa970f8b216b79a5d237a9d87ac88e2371ae46.tar.gz