From bd817009d5dba7dc5273e6a05e2133660d4c4ac3 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann
Date: Wed, 24 Apr 2019 22:54:04 +0200
Subject: [PATCH] Prevent endless loop in evmap_make_space.

If slot is larger than INT_MAX / 2, then the loop which increases nentries until it is larger than slot would never return. Also make sure that nentries * msize will never overflow INT_MAX.

Signed-off-by: Tobias Stoeckmann
---
 evmap.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/evmap.c b/evmap.c
index 9e3449c5..ffc991f5 100644
--- a/evmap.c
+++ b/evmap.c
@@ -208,9 +208,15 @@ evmap_make_space(struct event_signal_map *map, int slot, int msize)
 int nentries = map->nentries ? map->nentries : 32;
 void **tmp;

+ if (slot > INT_MAX / 2)
+ return (-1);
+
 while (nentries <= slot)
 nentries <<= 1;

+ if (nentries > INT_MAX / msize)
+ return (-1);
+
 tmp = (void **)mm_realloc(map->entries, nentries * msize);
 if (tmp == NULL)
 return (-1);
--
2.50.1
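Review bot: The added `INT_MAX / msize` guard in front of the `mm_realloc` call divides by a signed parameter that is never validated itself, so `msize == 0` is a division by zero and a negative `msize` makes the comparison meaningless. The callers are not visible in this hunk and presumably pass a `sizeof`, but the guard is cheap to make self-contained: `if (msize <= 0 || nentries > INT_MAX / msize)`. The patch adds no `#include`, so `INT_MAX` has to come from a header evmap.c already pulls in; if that is only transitive, an explicit `<limits.h>` would be safer (the include block is outside the hunk, so this needs confirming). A one-line comment above the first check, such as `/* nentries cannot be doubled past a slot above INT_MAX / 2 without overflowing int */`, would record why the bound is INT_MAX / 2. The body of evmap_make_space starts and ends outside the hunk.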