DeforaOS/libSystem
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Detect integer overflows in string_new_length()

Browse Source 
These overflows were caught in object_new() until now.
This commit is contained in:
Pierre Pronchery 2017-04-14 03:47:38 +02:00
parent 6324df6d88
commit 40e276659b
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/string.c
View File

@ -20,6 +20,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include <limits.h>
#include <errno.h> #include <errno.h>
#include "System/error.h" #include "System/error.h"
#include "System/object.h" #include "System/object.h"
@ -106,9 +107,14 @@ String * string_new_length(String const * string, size_t length)
#ifdef DEBUG #ifdef DEBUG
fprintf(stderr, "DEBUG: %s(\"%s\", %zu)\n", __func__, string, length); fprintf(stderr, "DEBUG: %s(\"%s\", %zu)\n", __func__, string, length);
#endif #endif
if((ret = object_new(++length)) == NULL) if(length == SIZE_T_MAX)
{
error_set_code(-ERANGE, "%s", strerror(ERANGE));
return NULL; return NULL;
snprintf(ret, length, "%s", (string != NULL) ? string : ""); }
if((ret = object_new(length + 1)) == NULL)
return NULL;
snprintf(ret, length + 1, "%s", (string != NULL) ? string : "");
return ret; return ret;
} }