Based on 97569e154b80541cbad39d78231b7f360d4ff058 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 21 Oct 2014 14:01:28 +0200 Subject: [PATCH] strv: add an additional overflow check when enlarging strv()s https://bugs.freedesktop.org/show_bug.cgi?id=76745 --- src/shared/strv.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) --- src/shared/strv.c +++ src/shared/strv.c 2014-10-23 00:00:00.000000000 +0000 @@ -361,13 +361,19 @@ char *strv_join_quoted(char **l) { int strv_push(char ***l, char *value) { char **c; - unsigned n; + unsigned n, m; if (!value) return 0; n = strv_length(*l); - c = realloc(*l, sizeof(char*) * (n + 2)); + + /* increase and check for overflow */ + m = n + 2; + if (m < n) + return -ENOMEM; + + c = realloc(*l, sizeof(char*) * (size_t) m); if (!c) return -ENOMEM;