diff options
author | Dmitry V. Levin <ldv@altlinux.org> | 2012-03-25 22:56:53 +0000 |
---|---|---|
committer | Dmitry V. Levin <ldv@altlinux.org> | 2012-03-25 22:56:53 +0000 |
commit | 378f9c5ad0043632475cd17cbe5fe4cf38971b2b (patch) | |
tree | d21856df5592c59d34f889d37b3a804a96b46817 /util.c | |
parent | ccee169ab6aa4ae7515198dadcef5dd2286ede4b (diff) | |
download | strace-378f9c5ad0043632475cd17cbe5fe4cf38971b2b.tar.gz strace-378f9c5ad0043632475cd17cbe5fe4cf38971b2b.tar.bz2 strace-378f9c5ad0043632475cd17cbe5fe4cf38971b2b.tar.xz |
printstr: check for potential integer overflow
* util.c (printstr): Check for potential integer overflow during outstr
buffer size calculation.
Diffstat (limited to 'util.c')
-rw-r--r-- | util.c | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -564,10 +564,14 @@ printstr(struct tcb *tcp, long addr, int len) } /* Allocate static buffers if they are not allocated yet. */ if (!str) { + unsigned int outstr_size = 4 * max_strlen + /*for quotes and NUL:*/ 3; + + if (outstr_size / 4 != max_strlen) + die_out_of_memory(); str = malloc(max_strlen + 1); if (!str) die_out_of_memory(); - outstr = malloc(4 * max_strlen + /*for quotes and NUL:*/ 3); + outstr = malloc(outstr_size); if (!outstr) die_out_of_memory(); } |