| commit | 9ff1f50b1cf672569de4fe438be268dcf9495a33 | |
| author | Guillem Jover <guillem@debian.org> | |
| Tue, 9 Jul 2024 00:57:47 +0000 (9 02:57 +0200) | ||
| committer | Guillem Jover <guillem@debian.org> | |
| Tue, 9 Jul 2024 10:20:53 +0000 (9 12:20 +0200) | ||
| tree | cdd06cfd1394fb31b29232443a490ffb3cf50ab3 | treesnapshot (tar.gz zip) |
| parent | 811651673916b07d74b8e7284da71e02b12019f6 | commitdiff |
libcompat: Fix vasprintf() to error out if vsnprintf() returns >= INT_MAX
If the initial vsnprintf() call inside vasprintf() returns the needed
amount of bytes >= INT_MAX, that means we could overflow either when
adding one for the allocation if sizeof(size_t) == sizeof(int), or when
passing the size of that buffer to the next vsnprintf() call where even
if sizeof(size_t) > sizeof(int), the function will still need to return
the number of written bytes. Set errno appropriately and return -1.
Warned-by: coverity
If the initial vsnprintf() call inside vasprintf() returns the needed
amount of bytes >= INT_MAX, that means we could overflow either when
adding one for the allocation if sizeof(size_t) == sizeof(int), or when
passing the size of that buffer to the next vsnprintf() call where even
if sizeof(size_t) > sizeof(int), the function will still need to return
the number of written bytes. Set errno appropriately and return -1.
Warned-by: coverity
| lib/compat/vasprintf.c | diffblobblamehistory |