check for overflow
authorShlomi Fish <shlomif@shlomifish.org>
Sat, 2 May 2020 10:23:57 +0000 (13:23 +0300)
committerShlomi Fish <shlomif@shlomifish.org>
Sat, 2 May 2020 10:23:57 +0000 (13:23 +0300)
fortune-mod/fortune/fortune.c

index 4187b9652213e52baec9b4deb5fcafb421abb145..c866afd40402312646eb628e45d124e53314c0c3 100644 (file)
@@ -312,15 +312,23 @@ static void print_list(FILEDESC *list, int lev)
 static char *conv_pat(char *orig)
 {
     char *sp;
-    unsigned int cnt;
     char *new_buf;
 
-    cnt = 1; /* allow for '\0' */
+    size_t cnt = 1; /* allow for '\0' */
     for (sp = orig; *sp != '\0'; sp++)
+    {
+        const size_t prev_cnt = cnt;
         if (isalpha(*sp))
             cnt += 4;
         else
             cnt++;
+        if (prev_cnt >= cnt)
+        {
+            fprintf(stderr, "%s",
+                "pattern too long for ignoring case; overflow!\n");
+            exit(1);
+        }
+    }
     if (!(new_buf = malloc(cnt)))
     {
         fprintf(stderr, "%s", "pattern too long for ignoring case\n");
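Review bot: `isalpha(*sp)` in the counting loop is still called with a plain `char`, which is undefined behaviour for any pattern byte that is negative where `char` is signed (every non-ASCII byte); the new wrap-around guard does not cover that. The call should read `if (isalpha((unsigned char)*sp))`. The rest of conv_pat lies outside this hunk; if the loop that fills `new_buf` classifies characters with `isalpha` as well, it needs the same cast, so that the size counted here and the bytes written there cannot disagree. A short comment above the guard, such as `/* size_t wraps on overflow, so a non-increasing count means wrap-around */`, would also make the `prev_cnt >= cnt` test easier to read.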