diff options
| author | jmallett <jmallett@FreeBSD.org> | 2007-10-17 11:41:40 +0000 |
|---|---|---|
| committer | jmallett <jmallett@FreeBSD.org> | 2007-10-17 11:41:40 +0000 |
| commit | 4f4dc1955cf76ce689e160b17fea351527d0018b (patch) | |
| tree | 989f26c60cfa0afb71f9b6a5da2dcaca640b7e87 /usr.bin/fmt | |
| parent | f386b60906c9bdde2a83095c964d7047ebc3f294 (diff) | |
| download | FreeBSD-src-4f4dc1955cf76ce689e160b17fea351527d0018b.zip FreeBSD-src-4f4dc1955cf76ce689e160b17fea351527d0018b.tar.gz | |
Prevent strange crashes in fmt with absurd goal lengths introduced by the
support for wide characters.
If the sizeof (wchar_t) times max_length would yield a value beyond
representation in a size_t, exit with a usage error up front, rather than
strange errors down the line from trying to malloc (well, realloc) with a size
of 0.
This is perhaps not the optimal behaviour - a clamp may be more appropriate as
we clamp the value of max_length now anyway, but this is at least better than
segfaulting or worse. On systems which are friendly to malloc with a value of 0
the results could end up being strange corruption of the output.
Diffstat (limited to 'usr.bin/fmt')
| -rw-r--r-- | usr.bin/fmt/fmt.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/usr.bin/fmt/fmt.c b/usr.bin/fmt/fmt.c index 33f92b1..ed85c2e 100644 --- a/usr.bin/fmt/fmt.c +++ b/usr.bin/fmt/fmt.c @@ -176,6 +176,7 @@ static const char copyright[] = __FBSDID("$FreeBSD$"); #include <err.h> +#include <limits.h> #include <locale.h> #include <stdio.h> #include <stdlib.h> @@ -351,6 +352,7 @@ main(int argc, char *argv[]) { } if (goal_length==0) goal_length = 65; if (max_length==0) max_length = goal_length+10; + if (max_length >= SIZE_T_MAX / sizeof (wchar_t)) errx(EX_USAGE, "max length too large"); /* really needn't be longer */ output_buffer = XMALLOC((max_length+1) * sizeof(wchar_t)); |
