pidof: Prevent integer overflows with grow_size().

Note: unlike "size" and "omit_size", "path_alloc_size" is not multiplied
by "sizeof(struct el)" but the checks in grow_size() allow for a roughly
100MB path_alloc_size, which should be more than enough for readlink().

diff --git a/pidof.c b/pidof.c
index 0220c88817bf2526f0d44f3723d9bbaeaf55675f..f329d97df0f3c16fbded491891512a3b34a9028e 100644 (file)
--- a/pidof.c
+++ b/pidof.c
@@ -20,6 +20,7 @@
 
 #include <stdio.h>
 #include <getopt.h>
+#include <limits.h>
 
 #include "c.h"
 #include "fileutils.h"
@@ -29,7 +30,12 @@
 #include "proc/version.h" /* procps_version */
 
 
-#define grow_size(x)   (x = x * 5 / 4 + 1024)
+#define grow_size(x) do { \
+       if ((x) < 0 || (size_t)(x) >= INT_MAX / 5 / sizeof(struct el)) \
+               xerrx(EXIT_FAILURE, _("integer overflow")); \
+       (x) = (x) * 5 / 4 + 1024; \
+} while (0)
+
 #define safe_free(x)   if (x) { free(x); x=NULL; }