Module Name: src Committed By: riastradh Date: Sat Aug 12 12:47:17 UTC 2023
Modified Files: src/lib/libc/gen: vis.c Log Message: vis(3): Avoid arithmetic overflow before calloc(3). Prompted by PR lib/57573. XXX pullup-10 XXX pullup-9 XXX pullup-8 To generate a diff of this commit: cvs rdiff -u -r1.78 -r1.79 src/lib/libc/gen/vis.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/lib/libc/gen/vis.c diff -u src/lib/libc/gen/vis.c:1.78 src/lib/libc/gen/vis.c:1.79 --- src/lib/libc/gen/vis.c:1.78 Sat Aug 12 12:46:50 2023 +++ src/lib/libc/gen/vis.c Sat Aug 12 12:47:17 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: vis.c,v 1.78 2023/08/12 12:46:50 riastradh Exp $ */ +/* $NetBSD: vis.c,v 1.79 2023/08/12 12:47:17 riastradh Exp $ */ /*- * Copyright (c) 1989, 1993 @@ -57,7 +57,7 @@ #include <sys/cdefs.h> #if defined(LIBC_SCCS) && !defined(lint) -__RCSID("$NetBSD: vis.c,v 1.78 2023/08/12 12:46:50 riastradh Exp $"); +__RCSID("$NetBSD: vis.c,v 1.79 2023/08/12 12:47:17 riastradh Exp $"); #endif /* LIBC_SCCS and not lint */ #ifdef __FBSDID __FBSDID("$FreeBSD$"); @@ -432,6 +432,14 @@ istrsenvisx(char **mbdstp, size_t *dlen, * return to the caller. */ + /* + * Guarantee the arithmetic on input to calloc won't overflow. + */ + if (mbslength > (SIZE_MAX - 1)/16) { + errno = ENOMEM; + return -1; + } + /* Allocate space for the wide char strings */ psrc = pdst = extra = NULL; mdst = NULL;