Browse Source

SECURITY: fix botched integer overflow handling logic in stralloc_ready (Giorgio)

master
Felix von Leitner 6 years ago
parent
commit
82388e1c23
  1. 1
      CHANGES
  2. 3
      stralloc/stralloc_ready.c

1
CHANGES

@ -28,6 +28,7 @@
zero length buffer
if SOCK_NONBLOCK is defined, use it instead of socket+fcntl
... but if errno==EINVAL still fall back to socket+fcntl (Robert Henney)
SECURITY: fix botched integer overflow handling logic in stralloc_ready (Giorgio)
0.29:
save 8 bytes in taia.h for 64-bit systems

3
stralloc/stralloc_ready.c

@ -9,7 +9,8 @@
* old space, and returns 1. Note that this changes sa.s. */
int stralloc_ready(stralloc *sa,size_t len) {
register size_t wanted=len+(len>>3)+30; /* heuristic from djb */
if (wanted<len || !sa->s || sa->a<len) {
if (wanted<len) wanted=len;
if (!sa->s || sa->a<len) {
register char* tmp;
if (!(tmp=realloc(sa->s,wanted)))
return 0;

Loading…
Cancel
Save