pmap: Prevent integer overflow in main().

author Qualys Security Advisory <qsa@qualys.com>

Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)

committer Craig Small <csmall@enc.com.au>

Fri, 18 May 2018 21:32:22 +0000 (07:32 +1000)
author Qualys Security Advisory <qsa@qualys.com>
Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committer Craig Small <csmall@enc.com.au>
Fri, 18 May 2018 21:32:22 +0000 (07:32 +1000)
diff --git a/pmap.c b/pmap.c

index 88f6c90b8d3c6720ec7a2a66d7c72f12fcac756a..ea1f46d7f16308230c35cc7abc298691d23f1ce5 100644 (file)
--- a/pmap.c
+++ b/pmap.c
@@ -30,6 +30,7 @@
  #include <sys/types.h>
  #include <unistd.h>
  #include <assert.h>
+#include <limits.h>
  
  #include "c.h"
  #include "fileutils.h"
@@ -1136,6 +1137,8 @@ int main(int argc, char **argv)
  
         }
  
+       if ((size_t)argc >= INT_MAX / sizeof(pid_t))
+               xerrx(EXIT_FAILURE, _("too many arguments"));
         pidlist = xmalloc(sizeof(pid_t) * (argc+1));
  
         while (*argv) {
author	Qualys Security Advisory <qsa@qualys.com>
	Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committer	Craig Small <csmall@enc.com.au>
	Fri, 18 May 2018 21:32:22 +0000 (07:32 +1000)