emo/procps
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

tload: Prevent integer overflows of ncols, nrows, and scr_size.

Browse Source 
Also, use xerrx() instead of xerr() since errno is not set.
This commit is contained in:
Qualys Security Advisory
-
committed by Craig Small
parent 4c346cf594
commit 031bc56f65
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
tload.c
View File

@@ -43,6 +43,7 @@
#include <sys/ioctl.h>
#include <termios.h>
#include <unistd.h>
#include <limits.h>
static char *screen;
@@ -70,9 +71,13 @@ static void setsize(int i)
if (win.ws_row > 0)
nrows = win.ws_row;
}
if (ncols < 2 || ncols >= INT_MAX)
xerrx(EXIT_FAILURE, _("screen too small or too large"));
if (nrows < 2 || nrows >= INT_MAX / ncols)
xerrx(EXIT_FAILURE, _("screen too small or too large"));
scr_size = nrows * ncols;
if (scr_size < 2)
xerr(EXIT_FAILURE, _("screen too small"));
xerrx(EXIT_FAILURE, _("screen too small"));
if (screen == NULL)
screen = (char *)xmalloc(scr_size);
else