Module Name: src Committed By: riastradh Date: Sat Aug 12 12:48:17 UTC 2023
Modified Files: src/lib/libc/gen: vis.c Log Message: vis(3): Avoid potential arithmetic overflow in maxolen. Can't easily prove that this overflow is impossible, so let's add a check. Prompted by PR lib/57573. XXX pullup-10 XXX pullup-9 XXX pullup-8 To generate a diff of this commit: cvs rdiff -u -r1.80 -r1.81 src/lib/libc/gen/vis.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/lib/libc/gen/vis.c
diff -u src/lib/libc/gen/vis.c:1.80 src/lib/libc/gen/vis.c:1.81
--- src/lib/libc/gen/vis.c:1.80 Sat Aug 12 12:48:01 2023
+++ src/lib/libc/gen/vis.c Sat Aug 12 12:48:17 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: vis.c,v 1.80 2023/08/12 12:48:01 riastradh Exp $ */
+/* $NetBSD: vis.c,v 1.81 2023/08/12 12:48:17 riastradh Exp $ */
 /*-
 * Copyright (c) 1989, 1993
@@ -57,7 +57,7 @@
 #include <sys/cdefs.h>
 #if defined(LIBC_SCCS) && !defined(lint)
-__RCSID("$NetBSD: vis.c,v 1.80 2023/08/12 12:48:01 riastradh Exp $");
+__RCSID("$NetBSD: vis.c,v 1.81 2023/08/12 12:48:17 riastradh Exp $");
 #endif /* LIBC_SCCS and not lint */
 #ifdef __FBSDID
 __FBSDID("$FreeBSD$");
@@ -567,7 +567,15 @@ istrsenvisx(char **mbdstp, size_t *dlen,
 * output byte-by-byte here. Else use wctomb().
 */
 len = wcslen(start);
- maxolen = dlen ? *dlen : (len * MB_LEN_MAX + 1);
+ if (dlen) {
+ maxolen = *dlen;
+ } else {
+ if (len > (SIZE_MAX - 1)/MB_LEN_MAX) {
+ errno = ENOSPC;
+ goto out;
+ }
+ maxolen = len*MB_LEN_MAX + 1;
+ }
 olen = 0;
 memset(&mbstate, 0, sizeof(mbstate));
 for (dst = start; len > 0; len--) {
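Review bot: The new guard in the `else` branch of the last hunk has no comment explaining the bound, and the reason (the overflow could not easily be proven impossible) is recorded only in the commit log. I would add `/* len*MB_LEN_MAX + 1 must fit in size_t; fail rather than let maxolen wrap to a too-small bound (PR lib/57573) */` above the `if (len > (SIZE_MAX - 1)/MB_LEN_MAX)` line. The `out` label and the function's return value are outside this hunk, so it is worth confirming that this early exit returns the failure value and that the cleanup there leaves `errno` as `ENOSPC`. If `ENOSPC` is also what the function reports for a destination buffer that is too small (not visible here), callers cannot tell the two conditions apart; a line in the man page noting that it can also mean an oversized input would cover that. `SIZE_MAX` presumably comes from an existing `<stdint.h>` include that this diff does not show.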