0112-top: Prevent integer overflow in adj_geometry().

author Qualys Security Advisory <qsa@qualys.com>

Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)

committer Craig Small <csmall@enc.com.au>

Sat, 9 Jun 2018 11:35:20 +0000 (21:35 +1000)
author Qualys Security Advisory <qsa@qualys.com>
Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committer Craig Small <csmall@enc.com.au>
Sat, 9 Jun 2018 11:35:20 +0000 (21:35 +1000)
diff --git a/top/top.c b/top/top.c

index 0cc7f992b505d8f74197d411951bbba359ed3d7c..976132dd9be3cdc9b765ed5b1f4f2a30c6a8fe50 100644 (file)
--- a/top/top.c
+++ b/top/top.c
@@ -1790,8 +1790,10 @@ static void adj_geometry (void) {
        Screen_rows = w_rows ? w_rows : INT_MAX;
        Pseudo_size = (sizeof(*Pseudo_screen) * ROWMAXSIZ);
     } else {
+      const int max_rows = INT_MAX / (sizeof(*Pseudo_screen) * ROWMAXSIZ);
        if (w_cols && w_cols < Screen_cols) Screen_cols = w_cols;
        if (w_rows && w_rows < Screen_rows) Screen_rows = w_rows;
+      if (Screen_rows < 0 || Screen_rows > max_rows) Screen_rows = max_rows;
        Pseudo_size = (sizeof(*Pseudo_screen) * ROWMAXSIZ) * Screen_rows;
     }
     // we'll only grow our Pseudo_screen, never shrink it
author	Qualys Security Advisory <qsa@qualys.com>
	Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committer	Craig Small <csmall@enc.com.au>
	Sat, 9 Jun 2018 11:35:20 +0000 (21:35 +1000)