SECURITY: fix botched integer overflow handling logic in stralloc_ready (Giorgio)

master
leitner 10 years ago
parent d0e735e2c2
commit 79f534ffdf

@ -28,6 +28,7 @@
zero length buffer zero length buffer
if SOCK_NONBLOCK is defined, use it instead of socket+fcntl if SOCK_NONBLOCK is defined, use it instead of socket+fcntl
... but if errno==EINVAL still fall back to socket+fcntl (Robert Henney) ... but if errno==EINVAL still fall back to socket+fcntl (Robert Henney)
SECURITY: fix botched integer overflow handling logic in stralloc_ready (Giorgio)
0.29: 0.29:
save 8 bytes in taia.h for 64-bit systems save 8 bytes in taia.h for 64-bit systems

@ -9,7 +9,8 @@
* old space, and returns 1. Note that this changes sa.s. */ * old space, and returns 1. Note that this changes sa.s. */
int stralloc_ready(stralloc *sa,size_t len) { int stralloc_ready(stralloc *sa,size_t len) {
register size_t wanted=len+(len>>3)+30; /* heuristic from djb */ register size_t wanted=len+(len>>3)+30; /* heuristic from djb */
if (wanted<len || !sa->s || sa->a<len) { if (wanted<len) wanted=len;
if (!sa->s || sa->a<len) {
register char* tmp; register char* tmp;
if (!(tmp=realloc(sa->s,wanted))) if (!(tmp=realloc(sa->s,wanted)))
return 0; return 0;
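Review bot: The clamp `if (wanted<len) wanted=len;` carries the whole fix but has no comment, and the line it replaces shows how easy this condition is to get wrong: the old test entered the branch on wraparound and still passed the wrapped `wanted` to `realloc`. I would put `/* len+(len>>3)+30 wrapped around size_t: ask for exactly len so the buffer is never smaller than requested */` above it. The function continues past the end of the hunk, so the assignment to `sa->a` after a successful `realloc` is not visible here; it should record `wanted`, which after this change is never below `len`. A regression test that calls `stralloc_ready` with `len` close to `SIZE_MAX` and accepts only a return of 0 or a buffer of at least `len` bytes would keep the check from regressing.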
