summaryrefslogtreecommitdiffstats
path: root/usr.bin/fmt
diff options
context:
space:
mode:
authorjmallett <jmallett@FreeBSD.org>2007-10-17 11:41:40 +0000
committerjmallett <jmallett@FreeBSD.org>2007-10-17 11:41:40 +0000
commit4f4dc1955cf76ce689e160b17fea351527d0018b (patch)
tree989f26c60cfa0afb71f9b6a5da2dcaca640b7e87 /usr.bin/fmt
parentf386b60906c9bdde2a83095c964d7047ebc3f294 (diff)
downloadFreeBSD-src-4f4dc1955cf76ce689e160b17fea351527d0018b.zip
FreeBSD-src-4f4dc1955cf76ce689e160b17fea351527d0018b.tar.gz
Prevent strange crashes in fmt with absurd goal lengths introduced by the
support for wide characters. If the sizeof (wchar_t) times max_length would yield a value beyond representation in a size_t, exit with a usage error up front, rather than strange errors down the line from trying to malloc (well, realloc) with a size of 0. This is perhaps not the optimal behaviour - a clamp may be more appropriate as we clamp the value of max_length now anyway, but this is at least better than segfaulting or worse. On systems which are friendly to malloc with a value of 0 the results could end up being strange corruption of the output.
Diffstat (limited to 'usr.bin/fmt')
-rw-r--r--usr.bin/fmt/fmt.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/usr.bin/fmt/fmt.c b/usr.bin/fmt/fmt.c
index 33f92b1..ed85c2e 100644
--- a/usr.bin/fmt/fmt.c
+++ b/usr.bin/fmt/fmt.c
@@ -176,6 +176,7 @@ static const char copyright[] =
__FBSDID("$FreeBSD$");
#include <err.h>
+#include <limits.h>
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
@@ -351,6 +352,7 @@ main(int argc, char *argv[]) {
}
if (goal_length==0) goal_length = 65;
if (max_length==0) max_length = goal_length+10;
+ if (max_length >= SIZE_T_MAX / sizeof (wchar_t)) errx(EX_USAGE, "max length too large");
/* really needn't be longer */
output_buffer = XMALLOC((max_length+1) * sizeof(wchar_t));
OpenPOWER on IntegriCloud