util: check for overflow in greedy_realloc()

author Lennart Poettering <lennart@poettering.net>

Tue, 10 Dec 2013 18:53:03 +0000 (18:53 +0000)

committer Lennart Poettering <lennart@poettering.net>

Tue, 10 Dec 2013 18:53:56 +0000 (18:53 +0000)
author Lennart Poettering <lennart@poettering.net>
Tue, 10 Dec 2013 18:53:03 +0000 (18:53 +0000)
committer Lennart Poettering <lennart@poettering.net>
Tue, 10 Dec 2013 18:53:56 +0000 (18:53 +0000)
diff --git a/src/shared/util.c b/src/shared/util.c

index 9c07392c59e186ea9f124cc672f91b53b8c201a2..1c35edfbb19595027742df31e6fa4c0f4280267a 100644 (file)
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -5792,12 +5792,18 @@ void* greedy_realloc(void **p, size_t *allocated, size_t need) {
          size_t a;
          void *q;
  
+        assert(p);
          assert(allocated);
  
          if (*allocated >= need)
                  return *p;
  
          a = MAX(64u, need * 2);
+
+        /* check for overflows */
+        if (a < need)
+                return NULL;
+
          q = realloc(*p, a);
          if (!q)
                  return NULL;
@@ -5808,9 +5814,14 @@ void* greedy_realloc(void **p, size_t *allocated, size_t need) {
  }
  
  void* greedy_realloc0(void **p, size_t *allocated, size_t need) {
-        size_t prev = *allocated;
+        size_t prev;
          uint8_t *q;
  
+        assert(p);
+        assert(allocated);
+
+        prev = *allocated;
+
          q = greedy_realloc(p, allocated, need);
          if (!q)
                  return NULL;
author	Lennart Poettering <lennart@poettering.net>
	Tue, 10 Dec 2013 18:53:03 +0000 (18:53 +0000)
committer	Lennart Poettering <lennart@poettering.net>
	Tue, 10 Dec 2013 18:53:56 +0000 (18:53 +0000)