Based on 97569e154b80541cbad39d78231b7f360d4ff058 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 21 Oct 2014 14:01:28 +0200
Subject: [PATCH] strv: add an additional overflow check when enlarging
 strv()s

https://bugs.freedesktop.org/show_bug.cgi?id=76745
---
 src/shared/strv.c |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

--- src/shared/strv.c
+++ src/shared/strv.c	2014-10-23 00:00:00.000000000 +0000
@@ -361,13 +361,19 @@ char *strv_join_quoted(char **l) {
 
 int strv_push(char ***l, char *value) {
         char **c;
-        unsigned n;
+        unsigned n, m;
 
         if (!value)
                 return 0;
 
         n = strv_length(*l);
-        c = realloc(*l, sizeof(char*) * (n + 2));
+
+        /* increase and check for overflow */
+        m = n + 2;
+        if (m < n)
+                return -ENOMEM;
+
+        c = realloc(*l, sizeof(char*) * (size_t) m);
         if (!c)
                 return -ENOMEM;