0020-pidof: Prevent integer overflows with grow_size().

author Qualys Security Advisory <qsa@qualys.com>

Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)

committer Craig Small <csmall@enc.com.au>

Sat, 23 Jun 2018 11:59:14 +0000 (21:59 +1000)
author Qualys Security Advisory <qsa@qualys.com>
Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committer Craig Small <csmall@enc.com.au>
Sat, 23 Jun 2018 11:59:14 +0000 (21:59 +1000)
diff --git a/pidof.c b/pidof.c

index c65aaadb7b20d6c73b2e1b1f45e4f3e61309a752..c4288115dcd54e4ff1baa10990e674bf06e34b42 100644 (file)
--- a/pidof.c
+++ b/pidof.c
@@ -21,6 +21,7 @@
  #include <stdio.h>
  #include <unistd.h>
  #include <getopt.h>
+#include <limits.h>
  #include <sys/types.h>
  
  #include "c.h"
@@ -30,7 +31,12 @@
  #include <proc/procps.h>
  
  
-#define grow_size(x)   (x = x * 5 / 4 + 1024)
+#define grow_size(x) do { \
+       if ((x) < 0 || (size_t)(x) >= INT_MAX / 5 / sizeof(struct el)) \
+               xerrx(EXIT_FAILURE, _("integer overflow")); \
+       (x) = (x) * 5 / 4 + 1024; \
+} while (0)
+
  #define safe_free(x)   if (x) { free(x); x=NULL; }
author	Qualys Security Advisory <qsa@qualys.com>
	Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committer	Craig Small <csmall@enc.com.au>
	Sat, 23 Jun 2018 11:59:14 +0000 (21:59 +1000)