From: Tobias Stoeckmann Date: Wed, 24 Apr 2019 20:54:04 +0000 (+0200) Subject: Prevent endless loop in evmap_make_space. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bd817009d5dba7dc5273e6a05e2133660d4c4ac3;p=libevent Prevent endless loop in evmap_make_space. If slot is larger than INT_MAX / 2, then the loop which increases nentries until it is larger than slot would never return. Also make sure that nentries * msize will never overflow INT_MAX. Signed-off-by: Tobias Stoeckmann --- diff --git a/evmap.c b/evmap.c index 9e3449c5..ffc991f5 100644 --- a/evmap.c +++ b/evmap.c @@ -208,9 +208,15 @@ evmap_make_space(struct event_signal_map *map, int slot, int msize) int nentries = map->nentries ? map->nentries : 32; void **tmp; + if (slot > INT_MAX / 2) + return (-1); + while (nentries <= slot) nentries <<= 1; + if (nentries > INT_MAX / msize) + return (-1); + tmp = (void **)mm_realloc(map->entries, nentries * msize); if (tmp == NULL) return (-1);