From 392702ee2c88d7d8aaff25f7a84acb73606f9094 Mon Sep 17 00:00:00 2001
From: Edward Thomson
Date: Mon, 9 Feb 2015 23:41:13 -0500
Subject: allocations: test for overflow of requested size

Introduce some helper macros to test integer overflow from arithmetic and set error message appropriately.
---
 src/win32/dir.c | 8 ++++++--
 src/win32/utf-conv.c | 5 ++---
 2 files changed, 8 insertions(+), 5 deletions(-)
(limited to 'src/win32')
diff --git a/src/win32/dir.c b/src/win32/dir.c
index c7427ea54..9953289f6 100644
--- a/src/win32/dir.c
+++ b/src/win32/dir.c
@@ -18,9 +18,13 @@ git__DIR *git__opendir(const char *dir)
 dirlen = strlen(dir);
- new = git__calloc(sizeof(*new) + dirlen + 1, 1);
- if (!new)
+ if (GIT_ALLOC_OVERFLOW_ADD(sizeof(*new), dirlen) ||
+ GIT_ALLOC_OVERFLOW_ADD(sizeof(*new) + dirlen, 1) ||
+ !(new = git__calloc(1, sizeof(*new) + dirlen + 1))) {
+ giterr_set_oom();
 return NULL;
+ }
+ memcpy(new->dir, dir, dirlen);
 new->h = FindFirstFileW(filter_w, &new->f);
diff --git a/src/win32/utf-conv.c b/src/win32/utf-conv.c
index b0205b019..624611205 100644
--- a/src/win32/utf-conv.c
+++ b/src/win32/utf-conv.c
@@ -99,9 +99,8 @@ int git__utf8_to_16_alloc(wchar_t **dest, const char *src)
 return -1;
 }
- *dest = git__malloc(utf16_size * sizeof(wchar_t));
-
- if (!*dest) {
+ if (GIT_ALLOC_OVERFLOW_MULTIPLY(utf16_size, sizeof(wchar_t)) ||
+ !(*dest = git__malloc(utf16_size * sizeof(wchar_t)))) {
 errno = ENOMEM;
 return -1;
 }
-- cgit v1.2.1
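Review bot: The sum `sizeof(*new) + dirlen + 1` is spelled out three times across the two `GIT_ALLOC_OVERFLOW_ADD` checks and the `git__calloc` call, so a later edit to one of them can leave the checked size and the allocated size out of step. Keeping the two checks and then storing the result once, `alloc_len = sizeof(*new) + dirlen + 1;` followed by `new = git__calloc(1, alloc_len);`, ties the allocation to the value that was checked; the same applies to `utf16_size * sizeof(wchar_t)` in the src/win32/utf-conv.c hunk. The second check is only meaningful because `||` short-circuits after the first, which deserves a comment such as `/* the inner sum cannot wrap here: the first check already passed */`. The commit message says the macros set the error themselves, so the explicit `giterr_set_oom()` may be redundant on the overflow path; the macro definitions are not in this diff, so that needs confirming. git__opendir starts and ends outside the hunk.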
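Review bot: On the overflow path `*dest` is no longer written, because `GIT_ALLOC_OVERFLOW_MULTIPLY` short-circuits before the assignment inside the condition, whereas the old code always stored the `git__malloc` result (NULL on failure) first. A caller that frees or tests `*dest` after a `-1` return would then see whatever the pointer held before the call, unless the function clears it earlier; the top of git__utf8_to_16_alloc is outside the hunk. Setting `*dest = NULL;` ahead of the `if` keeps the failure contract the same on both paths.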