diff options
author | René Scharfe <l.s.r@web.de> | 2024-03-31 20:53:07 +0200 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2024-03-31 16:00:36 -0700 |
commit | ffeaf2f76ab422428d6190d0cfbca2f34f06602a (patch) | |
tree | 15729fa77bc7df1789cbf94c630187bb7409df82 | |
parent | f39addd0d9d75a073847ed4311079a499dd33f35 (diff) | |
download | git-ffeaf2f76ab422428d6190d0cfbca2f34f06602a.tar.gz |
mem-pool: use st_add() in mem_pool_strvfmt()
If len is INT_MAX in mem_pool_strvfmt(), then len + 1 overflows.
Casting it to size_t would prevent that. Use st_add() to go a step
further and make the addition *obviously* safe. The compiler can
optimize the check away on platforms where SIZE_MAX > INT_MAX, i.e.
basically everywhere.
Signed-off-by: René Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | mem-pool.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/mem-pool.c b/mem-pool.c index 2078c22b09..3065b12b23 100644 --- a/mem-pool.c +++ b/mem-pool.c @@ -115,6 +115,7 @@ static char *mem_pool_strvfmt(struct mem_pool *pool, const char *fmt, size_t available = block ? block->end - block->next_free : 0; va_list cp; int len, len2; + size_t size; char *ret; va_copy(cp, ap); @@ -123,13 +124,14 @@ static char *mem_pool_strvfmt(struct mem_pool *pool, const char *fmt, if (len < 0) BUG("your vsnprintf is broken (returned %d)", len); - ret = mem_pool_alloc(pool, len + 1); /* 1 for NUL */ + size = st_add(len, 1); /* 1 for NUL */ + ret = mem_pool_alloc(pool, size); /* Shortcut; relies on mem_pool_alloc() not touching buffer contents. */ if (ret == next_free) return ret; - len2 = vsnprintf(ret, len + 1, fmt, ap); + len2 = vsnprintf(ret, size, fmt, ap); if (len2 != len) BUG("your vsnprintf is broken (returns inconsistent lengths)"); return ret; |