From: Bruno Haible <bruno@clisp.org>
Date: Thu, 30 Oct 2003 14:09:04 +0000 (+0000)
Subject: Check for overflow when converting from size_t to 'int'.
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e989260658cab39b391ef9dab1380024365332c8;p=pspp

Check for overflow when converting from size_t to 'int'.
---

diff --git a/lib/ChangeLog b/lib/ChangeLog
index 70573a8e17..a0b1b95f1c 100644
--- a/lib/ChangeLog
+++ b/lib/ChangeLog
@@ -1,3 +1,9 @@
+2003-10-30  Paul Eggert  <eggert@twinsun.com>
+            Bruno Haible  <bruno@clisp.org>
+
+	* vasprintf.c: Include <limits.h>, <stdlib.h>.
+	(vasprintf): Fail if the resulting length doesn't fit in an 'int'.
+
 2003-10-29  Paul Eggert  <eggert@twinsun.com>
 
 	* xalloc.h (xalloc_oversized): Now a macro, not a function,
diff --git a/lib/vasprintf.c b/lib/vasprintf.c
index 7c8f212d72..bda9aa1b0f 100644
--- a/lib/vasprintf.c
+++ b/lib/vasprintf.c
@@ -1,5 +1,5 @@
 /* Formatted output to strings.
-   Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+   Copyright (C) 1999, 2002-2003 Free Software Foundation, Inc.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -22,6 +22,9 @@
 /* Specification.  */
 #include "vasprintf.h"
 
+#include <limits.h>
+#include <stdlib.h>
+
 #include "vasnprintf.h"
 
 int
@@ -31,6 +34,14 @@ vasprintf (char **resultp, const char *format, va_list args)
   char *result = vasnprintf (NULL, &length, format, args);
   if (result == NULL)
     return -1;
+  if (length > INT_MAX)
+    {
+      /* We could produce such a big string, but can't return its length
+	 as an 'int'.  */
+      free (result);
+      return -1;
+    }
+
   *resultp = result;
   /* Return the number of resulting bytes, excluding the trailing NUL.  */
   return length;