diff options
| author | ache <ache@FreeBSD.org> | 2010-03-09 21:06:17 +0000 |
|---|---|---|
| committer | ache <ache@FreeBSD.org> | 2010-03-09 21:06:17 +0000 |
| commit | d22c80dc91afe33b2d0442322da0777621a33ba4 (patch) | |
| tree | 9e994e7e942ddf69371ac0b76679627284d0b27a /usr.bin/comm | |
| parent | 0cc78f7ab036fb675ad9e4035378afa9446015be (diff) | |
| download | FreeBSD-src-d22c80dc91afe33b2d0442322da0777621a33ba4.zip FreeBSD-src-d22c80dc91afe33b2d0442322da0777621a33ba4.tar.gz | |
Add SIZE_MAX overflow check
Diffstat (limited to 'usr.bin/comm')
| -rw-r--r-- | usr.bin/comm/comm.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/usr.bin/comm/comm.c b/usr.bin/comm/comm.c index b910911..ddad5dc 100644 --- a/usr.bin/comm/comm.c +++ b/usr.bin/comm/comm.c @@ -201,6 +201,8 @@ convert(const char *str) if ((n = mbstowcs(NULL, str, 0)) == (size_t)-1) return (NULL); + if (SIZE_MAX / sizeof(*buf) < n + 1) + errx(1, "conversion buffer length overflow"); if ((buf = malloc((n + 1) * sizeof(*buf))) == NULL) err(1, "malloc"); if (mbstowcs(buf, str, n + 1) != n) |
