36 lines
993 B
Diff
36 lines
993 B
Diff
Based on 97569e154b80541cbad39d78231b7f360d4ff058 Mon Sep 17 00:00:00 2001
|
|
From: Lennart Poettering <lennart@poettering.net>
|
|
Date: Tue, 21 Oct 2014 14:01:28 +0200
|
|
Subject: [PATCH] strv: add an additional overflow check when enlarging
|
|
strv()s
|
|
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=76745
|
|
---
|
|
src/shared/strv.c | 10 ++++++++--
|
|
1 file changed, 8 insertions(+), 2 deletions(-)
|
|
|
|
--- src/shared/strv.c
|
|
+++ src/shared/strv.c 2014-10-23 00:00:00.000000000 +0000
|
|
@@ -361,13 +361,19 @@ char *strv_join_quoted(char **l) {
|
|
|
|
int strv_push(char ***l, char *value) {
|
|
char **c;
|
|
- unsigned n;
|
|
+ unsigned n, m;
|
|
|
|
if (!value)
|
|
return 0;
|
|
|
|
n = strv_length(*l);
|
|
- c = realloc(*l, sizeof(char*) * (n + 2));
|
|
+
|
|
+ /* increase and check for overflow */
|
|
+ m = n + 2;
|
|
+ if (m < n)
|
|
+ return -ENOMEM;
|
|
+
|
|
+ c = realloc(*l, sizeof(char*) * (size_t) m);
|
|
if (!c)
|
|
return -ENOMEM;
|
|
|