yaml_stack_extend: guard against integer overflowinteger-overflow

author: Florian Weimer <fweimer@redhat.com> 2014-02-03 16:48:01 -0800
committer: Ingy döt Net <ingy@ingy.net> 2016-10-15 15:36:43 -0700
commit: 12bb0c81066d130055a2189d07fe1894ff4ffdd0 (patch)
tree: 6e2645a2d5d7a74b82205338cb9da26618c65b24
parent: 6db69c72d4823a95c8feddaaa4380d13cf02939c (diff)
download: libyaml-git-12bb0c81066d130055a2189d07fe1894ff4ffdd0.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/src/api.c b/src/api.c
index b1a8da0..35a58c5 100644
--- a/src/api.c
+++ b/src/api.c
@@ -117,7 +117,12 @@ yaml_string_join(
 YAML_DECLARE(int)
 yaml_stack_extend(void **start, void **top, void **end)
 {
-    void *new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2);
+    void *new_start;
+
+    if ((char *)*end - (char *)*start >= INT_MAX / 2)
+	return 0;
+
+    new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2);
 
     if (!new_start) return 0;
author	Florian Weimer <fweimer@redhat.com>	2014-02-03 16:48:01 -0800
committer	Ingy döt Net <ingy@ingy.net>	2016-10-15 15:36:43 -0700
commit	12bb0c81066d130055a2189d07fe1894ff4ffdd0 (patch)
tree	6e2645a2d5d7a74b82205338cb9da26618c65b24
parent	6db69c72d4823a95c8feddaaa4380d13cf02939c (diff)
download	libyaml-git-12bb0c81066d130055a2189d07fe1894ff4ffdd0.tar.gz