This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=9ff1f50b1cf672569de4fe438be268dcf9495a33 commit 9ff1f50b1cf672569de4fe438be268dcf9495a33 Author: Guillem Jover <[email protected]> AuthorDate: Tue Jul 9 02:57:47 2024 +0200 libcompat: Fix vasprintf() to error out if vsnprintf() returns >= INT_MAX If the initial vsnprintf() call inside vasprintf() returns the needed amount of bytes >= INT_MAX, that means we could overflow either when adding one for the allocation if sizeof(size_t) == sizeof(int), or when passing the size of that buffer to the next vsnprintf() call where even if sizeof(size_t) > sizeof(int), the function will still need to return the number of written bytes. Set errno appropriately and return -1. Warned-by: coverity --- lib/compat/vasprintf.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/compat/vasprintf.c b/lib/compat/vasprintf.c index 9d53a3237..b5a278327 100644 --- a/lib/compat/vasprintf.c +++ b/lib/compat/vasprintf.c @@ -19,6 +19,8 @@ #include <config.h> +#include <errno.h> +#include <limits.h> #include <stdarg.h> #include <stdio.h> #include <stdlib.h> @@ -36,7 +38,9 @@ vasprintf(char **strp, char const *fmt, va_list args) needed = vsnprintf(NULL, 0, fmt, args_copy); va_end(args_copy); - if (needed < 0) { + if (needed < 0 || needed >= INT_MAX) { + if (needed >= INT_MAX) + errno = EOVERFLOW; *strp = NULL; return -1; } -- Dpkg.Org's dpkg
