Re: [PATCH] Shield against malloc() integer overflow

2010-09-29 Thread Dmitry V. Levin
On Thu, Sep 30, 2010 at 03:06:30AM +0400, Dmitry V. Levin wrote: > On Wed, Sep 29, 2010 at 11:57:19PM +0200, Lubomir Rintel wrote: [...] > > - if (!outstr) > > + if (!outstr && (INT_MAX - sizeof "\"...\"") / 4 > max_strlen) > > outstr = malloc(4 * max_strlen + sizeof "\"...\""); BT
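Review bot: the added condition on the `+` line only skips the malloc() when max_strlen is too large, so outstr stays NULL and nothing in the hunk reports the failure; an oversized -s value should be rejected or clamped where the option is parsed (or an error raised here) rather than silently not allocating. The bound itself is also worth a second look: INT_MAX is right only if max_strlen and the product `4 * max_strlen + sizeof "\"...\""` are computed as int; if they are size_t, compare against SIZE_MAX (or the width of max_strlen) instead.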

Re: [PATCH] Shield against malloc() integer overflow

2010-09-29 Thread Dmitry V. Levin
On Wed, Sep 29, 2010 at 11:57:19PM +0200, Lubomir Rintel wrote:
> Ridiculously high -s arguments could trigger an integer overflow and
> result in less memory allocated than desired and in turn a heap overflow
> and crash. Or at least annoy valgrind:

This is "garbage in garbage out" principle in a

[PATCH] Shield against malloc() integer overflow

2010-09-29 Thread Lubomir Rintel
Ridiculously high -s arguments could trigger an integer overflow and result in less memory allocated than desired and in turn a heap overflow and crash. Or at least annoy valgrind:

$ valgrind -q strace -o /dev/null -s655360 -f uname
==14212== Warning: silly arg (-2147483648) to malloc()
--- u