kernel
/
git
mirror of https://git.kernel.org/pub/scm/git/git.git
1
0
Fork 0
Code Releases Activity

mem-pool: use st_add() in mem_pool_strvfmt() 

If len is INT_MAX in mem_pool_strvfmt(), then len + 1 overflows.
Casting it to size_t would prevent that.  Use st_add() to go a step
further and make the addition *obviously* safe.  The compiler can
optimize the check away on platforms where SIZE_MAX > INT_MAX, i.e.
basically everywhere.

Signed-off-by: René Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
maint
René Scharfe 2024-03-31 20:53:07 +02:00 committed by Junio C Hamano
parent f39addd0d9
commit ffeaf2f76a
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
mem-pool.c
View File

@ -115,6 +115,7 @@ static char *mem_pool_strvfmt(struct mem_pool *pool, const char *fmt,
size_t available = block ? block->end - block->next_free : 0; size_t available = block ? block->end - block->next_free : 0;
va_list cp; va_list cp;
int len, len2; int len, len2;
size_t size;
char *ret; char *ret;


va_copy(cp, ap); va_copy(cp, ap);
@ -123,13 +124,14 @@ static char *mem_pool_strvfmt(struct mem_pool *pool, const char *fmt,
if (len < 0) if (len < 0)
BUG("your vsnprintf is broken (returned %d)", len); BUG("your vsnprintf is broken (returned %d)", len);


ret = mem_pool_alloc(pool, len + 1); /* 1 for NUL */ size = st_add(len, 1); /* 1 for NUL */
ret = mem_pool_alloc(pool, size);


/* Shortcut; relies on mem_pool_alloc() not touching buffer contents. */ /* Shortcut; relies on mem_pool_alloc() not touching buffer contents. */
if (ret == next_free) if (ret == next_free)
return ret; return ret;


len2 = vsnprintf(ret, len + 1, fmt, ap); len2 = vsnprintf(ret, size, fmt, ap);
if (len2 != len) if (len2 != len)
BUG("your vsnprintf is broken (returns inconsistent lengths)"); BUG("your vsnprintf is broken (returns inconsistent lengths)");
return ret; return ret;