From a8c26531339041b2d4aadb7c36bb26448c2208ea Mon Sep 17 00:00:00 2001
From: pfg <pfg@FreeBSD.org>
Date: Mon, 15 Feb 2016 18:14:21 +0000
Subject: getln: We cannot expand the buffer beyond INT_MAX.

In such cases return ENOMEM. This is a limitation of our
implementation, alternatively you may consider getline(3).

Differential Revision:	https://reviews.freebsd.org/D442 (Partial)
Obtained from:	Apple Inc. (Libc 997.90.3)
Relnotes:	yes
---
 lib/libc/stdio/fgetln.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'lib/libc/stdio/fgetln.c')

diff --git a/lib/libc/stdio/fgetln.c b/lib/libc/stdio/fgetln.c
index 1779de2..1509bc8 100644
--- a/lib/libc/stdio/fgetln.c
+++ b/lib/libc/stdio/fgetln.c
@@ -37,6 +37,8 @@ static char sccsid[] = "@(#)fgetln.c	8.2 (Berkeley) 1/2/94";
 __FBSDID("$FreeBSD$");
 
 #include "namespace.h"
+#include <errno.h>
+#include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -61,6 +63,10 @@ __slbexpand(FILE *fp, size_t newsize)
 #endif
 	if (fp->_lb._size >= newsize)
 		return (0);
+	if (newsize > INT_MAX) {
+		errno = ENOMEM;
+		return (-1);
+	}
 	if ((p = realloc(fp->_lb._base, newsize)) == NULL)
 		return (-1);
 	fp->_lb._base = p;
@@ -152,13 +158,14 @@ fgetln(FILE *fp, size_t *lenp)
 	}
 	*lenp = len;
 #ifdef notdef
-	fp->_lb._base[len] = 0;
+	fp->_lb._base[len] = '\0';
 #endif
 	FUNLOCKFILE(fp);
 	return ((char *)fp->_lb._base);
 
 error:
 	*lenp = 0;		/* ??? */
+	fp->_flags |= __SERR;
 	FUNLOCKFILE(fp);
 	return (NULL);		/* ??? */
 }
-- 
cgit v1.1