Detect overflow before realloc - dedup - deduplicating backup program HTML git clone git://bitreich.org/dedup/ git://enlrupgkhuxnvlhsf6lc3fziv5h2hhfrinws65d7roiv6bfj7d652fid.onion/dedup/ DIR Log DIR Files DIR Refs DIR Tags DIR README DIR LICENSE --- DIR commit 4ae0717157fe75f8c600ff01dded24c2a723af4b DIR parent f16ec686af5b4b85ac6c5959361c2156259bd0e9 HTML Author: sin <sin@2f30.org> Date: Tue, 26 Feb 2019 11:02:47 +0000 Detect overflow before realloc Diffstat: M dedup.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) --- DIR
diff --git a/dedup.c b/dedup.c
@@ -4,6 +4,7 @@
 #include <err.h>
 #include <fcntl.h>
+#include <limits.h>
 #include <stdio.h>
 #include <stdint.h>
 #include <stdlib.h>
@@ -135,10 +136,17 @@ free_snap(struct snapshot *snap)
 static struct snapshot *
 grow_snap(struct snapshot *snap, uint64_t nr_blk_descs)
 {
- size_t size;
+ size_t size, mul;
+
+ if (nr_blk_descs > SIZE_MAX / sizeof(snap->blk_desc[0]))
+ errx(1, "grow_snap: overflow");
+ mul = nr_blk_descs * sizeof(snap->blk_desc[0]);
 size = sizeof(*snap);
- size += nr_blk_descs * sizeof(snap->blk_desc[0]);
+ if (size > SIZE_MAX - mul)
+ errx(1, "grow_snap: overflow");
+ size += mul;
+
 snap = realloc(snap, size);
 if (snap == NULL)
 err(1, "realloc");
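Review bot: The two guards in grow_snap are correct, but they can be folded into one comparison that bounds the whole size expression: `if (nr_blk_descs > (SIZE_MAX - sizeof(*snap)) / sizeof(snap->blk_desc[0]))` followed by the existing `errx(1, "grow_snap: overflow");`. With that single check, `sizeof(*snap) + nr_blk_descs * sizeof(snap->blk_desc[0])` cannot wrap before it reaches realloc, and the `mul` temporary and the second `errx` are no longer needed. A one-line comment above the guard, for example `/* reject counts whose allocation size would wrap size_t */`, would record why the count is checked before any arithmetic; if nr_blk_descs can come from stored snapshot data (not visible in this hunk), the comment should say so. In the first hunk, SIZE_MAX is specified by `<stdint.h>`, which the file already includes, so the added `<limits.h>` does not appear to be needed for it. The body of grow_snap continues past the end of the hunk.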