diff options
| author | Marc Espie <espie@cvs.openbsd.org> | 2015-04-25 15:33:48 +0000 |
|---|---|---|
| committer | Marc Espie <espie@cvs.openbsd.org> | 2015-04-25 15:33:48 +0000 |
| commit | 3201426311101bdebc8c63b724b9a1575c44915c (patch) | |
| tree | af45be36550587ff2bb3b78dad6c7579dfda0e8d /usr.bin/m4 | |
| parent | 3c6398fe3c38e66674194252a30a659ca2b5fb45 (diff) | |
add check for overflow while doubling (very unlikely in practice, but still
better style code). Problem noticed by deraadt@ in m4.
okay doug@ deraadt@
Diffstat (limited to 'usr.bin/m4')
| -rw-r--r-- | usr.bin/m4/gnum4.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/usr.bin/m4/gnum4.c b/usr.bin/m4/gnum4.c index 99d5255c1a6..8bc007b567f 100644 --- a/usr.bin/m4/gnum4.c +++ b/usr.bin/m4/gnum4.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gnum4.c,v 1.48 2015/03/14 23:00:43 millert Exp $ */ +/* $OpenBSD: gnum4.c,v 1.49 2015/04/25 15:33:47 espie Exp $ */ /* * Copyright (c) 1999 Marc Espie @@ -208,8 +208,11 @@ addchars(const char *c, size_t n) while (current + n > bufsize) { if (bufsize == 0) bufsize = 1024; - else + else if (bufsize <= SIZE_MAX/2) { bufsize *= 2; + } else { + errx(1, "size overflow"); + } buffer = xrealloc(buffer, bufsize, NULL); } memcpy(buffer+current, c, n); |