chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
sd-bus: check for potential integer overflow in KDBUS_ITEM_FOREACH()
[elogind.git] / src / libsystemd / sd-bus / bus-kernel.h
diff --git a/src/libsystemd/sd-bus/bus-kernel.h b/src/libsystemd/sd-bus/bus-kernel.h
index c4722cbac60988b60c71af9a9ba4d1d04341d620..a1e9691f1d3cab4da88f67ac384c4ca14e661b36 100644 (file)
--- a/src/libsystemd/sd-bus/bus-kernel.h
+++ b/src/libsystemd/sd-bus/bus-kernel.h
@@ -31,7 +31,8 @@
 
 #define KDBUS_ITEM_FOREACH(part, head, first)                           \
         for (part = (head)->first;                                      \
-             (uint8_t *)(part) < (uint8_t *)(head) + (head)->size;      \
+             ((uint8_t *)(part) < (uint8_t *)(head) + (head)->size) &&  \
+                ((uint8_t *) part >= (uint8_t *) head);                 \
              part = KDBUS_ITEM_NEXT(part))
 
 #define KDBUS_ITEM_HEADER_SIZE offsetof(struct kdbus_item, data)
Unnamed repository; edit this file 'description' to name the repository.