0076-proc/readproc.c: Harden vectorize_this_str().

This detects an integer overflow of "strlen + 1", prevents an integer overflow of "tot + adj + (2 * pSZ)", and avoids calling snprintf with a string longer than INT_MAX. Truncate rather than fail, since the callers do not expect a failure of this function. ---------------------------- adapted for newlib branch . logic is now in pids.c . former 'vectorize_this_str' is now 'pids_vectorize_this' Signed-off-by: Jim Warner <james.warner@comcast.net>
1970-01-01 00:00:00 +00:00 · 1970-01-01 00:00:00 +00:00 · 1052091107
commit 1052091107
parent d9c0a3e36f
1 changed files with 2 additions and 1 deletions
--- a/proc/pids.c
+++ b/proc/pids.c
@ -97,9 +97,10 @@ struct pids_info {
 static char** pids_vectorize_this (const char* src) {
 #define pSZ  (sizeof(char*))
    char *cpy, **vec;
-    int adj, tot;
+    size_t adj, tot;

    tot = strlen(src) + 1;                       // prep for our vectors
+    if (tot < 1 || tot >= INT_MAX) tot = INT_MAX-1; // integer overflow?
    adj = (pSZ-1) - ((tot + pSZ-1) & (pSZ-1));   // calc alignment bytes
    cpy = calloc(1, tot + adj + (2 * pSZ));      // get new larger buffer
    if (!cpy) return NULL;                       // oops, looks like ENOMEM