Add SIZE_MAX overflow check

author: ache <ache@FreeBSD.org> 2010-03-09 21:06:17 +0000
committer: ache <ache@FreeBSD.org> 2010-03-09 21:06:17 +0000
commit: d22c80dc91afe33b2d0442322da0777621a33ba4 (patch)
tree: 9e994e7e942ddf69371ac0b76679627284d0b27a /usr.bin/comm
parent: 0cc78f7ab036fb675ad9e4035378afa9446015be (diff)
download: FreeBSD-src-d22c80dc91afe33b2d0442322da0777621a33ba4.zip
FreeBSD-src-d22c80dc91afe33b2d0442322da0777621a33ba4.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/usr.bin/comm/comm.c b/usr.bin/comm/comm.c
index b910911..ddad5dc 100644
--- a/usr.bin/comm/comm.c
+++ b/usr.bin/comm/comm.c
@@ -201,6 +201,8 @@ convert(const char *str)
 
 	if ((n = mbstowcs(NULL, str, 0)) == (size_t)-1)
 		return (NULL);
+	if (SIZE_MAX / sizeof(*buf) < n + 1)
+		errx(1, "conversion buffer length overflow");
 	if ((buf = malloc((n + 1) * sizeof(*buf))) == NULL)
 		err(1, "malloc");
 	if (mbstowcs(buf, str, n + 1) != n)
author	ache <ache@FreeBSD.org>	2010-03-09 21:06:17 +0000
committer	ache <ache@FreeBSD.org>	2010-03-09 21:06:17 +0000
commit	d22c80dc91afe33b2d0442322da0777621a33ba4 (patch)
tree	9e994e7e942ddf69371ac0b76679627284d0b27a /usr.bin/comm
parent	0cc78f7ab036fb675ad9e4035378afa9446015be (diff)
download	FreeBSD-src-d22c80dc91afe33b2d0442322da0777621a33ba4.zip FreeBSD-src-d22c80dc91afe33b2d0442322da0777621a33ba4.tar.gz