diff options
author | Sébastien Helleu <flashcode@flashtux.org> | 2016-10-08 13:10:56 +0200 |
---|---|---|
committer | Sébastien Helleu <flashcode@flashtux.org> | 2016-10-08 13:10:56 +0200 |
commit | 997f47f77a135d9119bc167bbe7e5aaede078259 (patch) | |
tree | 8f7c9bb0d4a719aaed6bd7fd030ca6a985ccf8ef /src/core | |
parent | 485aff59c4664ae6e2b39556537616336f66d685 (diff) | |
download | weechat-997f47f77a135d9119bc167bbe7e5aaede078259.zip |
core: fix integer overflow in calls to realloc (issue #809)
Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/wee-util.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/core/wee-util.c b/src/core/wee-util.c index b1f567916..0dccb1861 100644 --- a/src/core/wee-util.c +++ b/src/core/wee-util.c @@ -24,6 +24,7 @@ #endif #include <stdlib.h> +#include <stdint.h> #include <errno.h> #include <string.h> #include <sys/types.h> @@ -672,6 +673,8 @@ util_file_get_content (const char *filename) while (!feof (f)) { + if (fp > SIZE_MAX - (1024 * sizeof (char))) + goto error; buffer2 = (char *) realloc (buffer, (fp + (1024 * sizeof (char)))); if (!buffer2) goto error; @@ -681,6 +684,8 @@ util_file_get_content (const char *filename) goto error; fp += count; } + if (fp > SIZE_MAX - sizeof (char)) + goto error; buffer2 = (char *) realloc (buffer, fp + sizeof (char)); if (!buffer2) goto error; |