allocations: test for overflow of requested size

Introduce some helper macros to test integer overflow from arithmetic and set error message appropriately.
author: Edward Thomson <ethomson@microsoft.com> 2015-02-09 23:41:13 -0500
committer: Edward Thomson <ethomson@edwardthomson.com> 2015-02-12 22:54:46 -0500
commit: 392702ee2c88d7d8aaff25f7a84acb73606f9094 (patch)
tree: 97a66fe6e488797c6a9c2680ccb31964f61fe340 /src/win32
parent: d24a5312d8ab6d3cdb259e450ec9f1e2e6f3399d (diff)
download: libgit2-392702ee2c88d7d8aaff25f7a84acb73606f9094.tar.gz
2 files changed, 8 insertions, 5 deletions
diff --git a/src/win32/dir.c b/src/win32/dir.c
index c7427ea54..9953289f6 100644
--- a/src/win32/dir.c
+++ b/src/win32/dir.c
@@ -18,9 +18,13 @@ git__DIR *git__opendir(const char *dir)
 
 	dirlen = strlen(dir);
 
-	new = git__calloc(sizeof(*new) + dirlen + 1, 1);
-	if (!new)
+	if (GIT_ALLOC_OVERFLOW_ADD(sizeof(*new), dirlen) ||
+		GIT_ALLOC_OVERFLOW_ADD(sizeof(*new) + dirlen, 1) ||
+		!(new = git__calloc(1, sizeof(*new) + dirlen + 1))) {
+		giterr_set_oom();
 		return NULL;
+	}
+
 	memcpy(new->dir, dir, dirlen);
 
 	new->h = FindFirstFileW(filter_w, &new->f);
diff --git a/src/win32/utf-conv.c b/src/win32/utf-conv.c
index b0205b019..624611205 100644
--- a/src/win32/utf-conv.c
+++ b/src/win32/utf-conv.c
@@ -99,9 +99,8 @@ int git__utf8_to_16_alloc(wchar_t **dest, const char *src)
 		return -1;
 	}
 
-	*dest = git__malloc(utf16_size * sizeof(wchar_t));
-
-	if (!*dest) {
+	if (GIT_ALLOC_OVERFLOW_MULTIPLY(utf16_size, sizeof(wchar_t)) ||
+		!(*dest = git__malloc(utf16_size * sizeof(wchar_t)))) {
 		errno = ENOMEM;
 		return -1;
 	}
author	Edward Thomson <ethomson@microsoft.com>	2015-02-09 23:41:13 -0500
committer	Edward Thomson <ethomson@edwardthomson.com>	2015-02-12 22:54:46 -0500
commit	392702ee2c88d7d8aaff25f7a84acb73606f9094 (patch)
tree	97a66fe6e488797c6a9c2680ccb31964f61fe340 /src/win32
parent	d24a5312d8ab6d3cdb259e450ec9f1e2e6f3399d (diff)
download	libgit2-392702ee2c88d7d8aaff25f7a84acb73606f9094.tar.gz