summaryrefslogtreecommitdiff
path: root/lib/libedit/readline.c
diff options
context:
space:
mode:
authorDoug Hogan <doug@cvs.openbsd.org>2014-10-11 04:24:07 +0000
committerDoug Hogan <doug@cvs.openbsd.org>2014-10-11 04:24:07 +0000
commit22f3c9378ff07d77596bd2d49154efd31c79bcbe (patch)
tree67571a0580efdf8c0fe6db84f33f56e833624a09 /lib/libedit/readline.c
parente76b59f7f7726aef156831251a30ba0de1990bb7 (diff)
Userland reallocarray() audit.
Avoid potential integer overflow in the size argument of malloc() and realloc() by using reallocarray() to avoid unchecked multiplication. ok deraadt@
Diffstat (limited to 'lib/libedit/readline.c')
-rw-r--r--lib/libedit/readline.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/libedit/readline.c b/lib/libedit/readline.c
index a91199f9189..09906bba0b1 100644
--- a/lib/libedit/readline.c
+++ b/lib/libedit/readline.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readline.c,v 1.10 2011/07/08 05:41:11 nicm Exp $ */
+/* $OpenBSD: readline.c,v 1.11 2014/10/11 04:24:06 doug Exp $ */
/* $NetBSD: readline.c,v 1.91 2010/08/28 15:44:59 christos Exp $ */
/*-
@@ -1091,12 +1091,13 @@ history_tokenize(const char *str)
if (idx + 2 >= size) {
char **nresult;
- size <<= 1;
- nresult = realloc(result, size * sizeof(char *));
+ nresult = reallocarray(result, size,
+ 2 * sizeof(char *));
if (nresult == NULL) {
free(result);
return NULL;
}
+ size *= 2;
result = nresult;
}
len = i - start;