From: Shlomi Fish Date: Sat, 2 May 2020 10:23:57 +0000 (+0300) Subject: check for overflow X-Git-Tag: fortune-mod-2.28.0~7 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2545947f8ff2dff8612c7f1ac0938e586918dafb;p=fortune-mod check for overflow --- diff --git a/fortune-mod/fortune/fortune.c b/fortune-mod/fortune/fortune.c index 4187b96..c866afd 100644 --- a/fortune-mod/fortune/fortune.c +++ b/fortune-mod/fortune/fortune.c @@ -312,15 +312,23 @@ static void print_list(FILEDESC *list, int lev) static char *conv_pat(char *orig) { char *sp; - unsigned int cnt; char *new_buf; - cnt = 1; /* allow for '\0' */ + size_t cnt = 1; /* allow for '\0' */ for (sp = orig; *sp != '\0'; sp++) + { + const size_t prev_cnt = cnt; if (isalpha(*sp)) cnt += 4; else cnt++; + if (prev_cnt >= cnt) + { + fprintf(stderr, "%s", + "pattern too long for ignoring case; overflow!\n"); + exit(1); + } + } if (!(new_buf = malloc(cnt))) { fprintf(stderr, "%s", "pattern too long for ignoring case\n");