Check for overflow when converting from size_t to 'int'.

diff --git a/lib/ChangeLog b/lib/ChangeLog
index 70573a8e17a0e704b1a80eec256ad3604568260e..a0b1b95f1cd8729435598867a4d18ebf143cc61f 100644 (file)
--- a/lib/ChangeLog
+++ b/lib/ChangeLog
@@ -1,3 +1,9 @@
+2003-10-30  Paul Eggert  <eggert@twinsun.com>
+            Bruno Haible  <bruno@clisp.org>
+
+       * vasprintf.c: Include <limits.h>, <stdlib.h>.
+       (vasprintf): Fail if the resulting length doesn't fit in an 'int'.
+
 2003-10-29  Paul Eggert  <eggert@twinsun.com>
 
        * xalloc.h (xalloc_oversized): Now a macro, not a function,

diff --git a/lib/vasprintf.c b/lib/vasprintf.c
index 7c8f212d724d9f5da378a921f174b1c5460487d4..bda9aa1b0f2bd812dd2477359fb08effc67dd334 100644 (file)
--- a/lib/vasprintf.c
+++ b/lib/vasprintf.c
@@ -1,5 +1,5 @@
 /* Formatted output to strings.
-   Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+   Copyright (C) 1999, 2002-2003 Free Software Foundation, Inc.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -22,6 +22,9 @@
 /* Specification.  */
 #include "vasprintf.h"
 
+#include <limits.h>
+#include <stdlib.h>
+
 #include "vasnprintf.h"
 
 int
@@ -31,6 +34,14 @@ vasprintf (char **resultp, const char *format, va_list args)
   char *result = vasnprintf (NULL, &length, format, args);
   if (result == NULL)
     return -1;
+  if (length > INT_MAX)
+    {
+      /* We could produce such a big string, but can't return its length
+        as an 'int'.  */
+      free (result);
+      return -1;
+    }
+
   *resultp = result;
   /* Return the number of resulting bytes, excluding the trailing NUL.  */
   return length;