[PATCH 17/17] diff: add integer overflow checking

diffutils-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 17/17] diff: add integer overflow checking

From:	Paul Eggert
Subject:	[PATCH 17/17] diff: add integer overflow checking
Date:	Sun, 22 Aug 2021 14:03:06 -0700

* src/diff.c (option_list, main): Check for integer overflow
in some unlikely and hard-to-test cases.
---
 src/diff.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/diff.c b/src/diff.c
index 36cc76a..a4e5538 100644
--- a/src/diff.c
+++ b/src/diff.c
@@ -245,7 +245,11 @@ option_list (char **optionvec, int count)
   char *p;
 
   for (i = 0; i < count; i++)
-    size += 1 + shell_quote_length (optionvec[i]);
+    {
+      size_t optsize = 1 + shell_quote_length (optionvec[i]);
+      if (INT_ADD_WRAPV (optsize, size, &size))
+       xalloc_die ();
+    }
 
   p = result = xmalloc (size);
 
@@ -402,8 +406,13 @@ main (int argc, char **argv)
                 "%>"
                 "#endif /* @ */\n");
 
-           char *b = xmalloc (sizeof C_ifdef_group_formats
-                              + 7 * strlen (optarg) - 7 /* 7*"@" */);
+           size_t alloc = strlen (optarg);
+           if (INT_MULTIPLY_WRAPV (alloc, 7, &alloc)
+               || INT_ADD_WRAPV (alloc,
+                                 sizeof C_ifdef_group_formats - 7 /* 7*"@" */,
+                                 &alloc))
+             xalloc_die ();
+           char *b = xmalloc (alloc);
            char *base = b;
            int changes = 0;
 
-- 
2.31.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 06/17] maint: omit unused function if not debugging, (continued)
- [PATCH 06/17] maint: omit unused function if not debugging, Paul Eggert, 2021/08/22
- [PATCH 12/17] diff3: simplify process_diff, Paul Eggert, 2021/08/22
- [PATCH 09/17] diff: remove printint, Paul Eggert, 2021/08/22
- [PATCH 14/17] diff: use mempcpy, Paul Eggert, 2021/08/22
- [PATCH 08/17] diff: remove INT_MAX limit on -F/-p searches, Paul Eggert, 2021/08/22
- [PATCH 03/17] diff3: suppress -fanalyzer alarms, Paul Eggert, 2021/08/22
- [PATCH 16/17] maint: refactor integer overflow checking, Paul Eggert, 2021/08/22
- [PATCH 04/17] maint: zalloc → xzalloc, Paul Eggert, 2021/08/22
- [PATCH 13/17] sdiff: fix unlikely memory leak, Paul Eggert, 2021/08/22
- [PATCH 02/17] maint: remove January workaround for Gnulib issue, Paul Eggert, 2021/08/22
- [PATCH 17/17] diff: add integer overflow checking, Paul Eggert <=
- [PATCH 10/17] maint: lint → GCC_LINT, Paul Eggert, 2021/08/22
- [PATCH 05/17] maint: remove prepargs, Paul Eggert, 2021/08/22
- [PATCH 07/17] maint: .gitignore updates, Paul Eggert, 2021/08/22
- [PATCH 11/17] maint: modernize IF_LINT for GCC 11.2.1, Paul Eggert, 2021/08/22
- [PATCH 15/17] diff: avoid sprintf %s, Paul Eggert, 2021/08/22

Prev by Date: [PATCH 02/17] maint: remove January workaround for Gnulib issue
Next by Date: [PATCH 10/17] maint: lint → GCC_LINT
Previous by thread: [PATCH 02/17] maint: remove January workaround for Gnulib issue
Next by thread: [PATCH 10/17] maint: lint → GCC_LINT
Index(es):
- Date
- Thread