From: Dmitry V. Levin <ldv@altlinux.org>
Date: Sun, 25 Mar 2012 22:56:53 +0000 (+0000)
Subject: printstr: check for potential integer overflow
X-Git-Tag: v4.7~36
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=378f9c5ad0043632475cd17cbe5fe4cf38971b2b;p=strace

printstr: check for potential integer overflow

* util.c (printstr): Check for potential integer overflow during outstr
buffer size calculation.
---

diff --git a/util.c b/util.c
index ea3488d4..348d77f4 100644
--- a/util.c
+++ b/util.c
@@ -564,10 +564,14 @@ printstr(struct tcb *tcp, long addr, int len)
 	}
 	/* Allocate static buffers if they are not allocated yet. */
 	if (!str) {
+		unsigned int outstr_size = 4 * max_strlen + /*for quotes and NUL:*/ 3;
+
+		if (outstr_size / 4 != max_strlen)
+			die_out_of_memory();
 		str = malloc(max_strlen + 1);
 		if (!str)
 			die_out_of_memory();
-		outstr = malloc(4 * max_strlen + /*for quotes and NUL:*/ 3);
+		outstr = malloc(outstr_size);
 		if (!outstr)
 			die_out_of_memory();
 	}