提交 4a27eb13 编写于 作者: E Eric Blake

buf: protect against integer overflow

It's unlikely that we'll ever want to escape a string as long as
INT_MAX/6, but adding this check can't hurt.

* src/util/buf.c (virBufferEscapeSexpr, virBufferEscapeString):
Check for (unlikely) overflow.
上级 774b21c1
...@@ -311,7 +311,8 @@ virBufferEscapeString(const virBufferPtr buf, const char *format, const char *st ...@@ -311,7 +311,8 @@ virBufferEscapeString(const virBufferPtr buf, const char *format, const char *st
return; return;
} }
if (VIR_ALLOC_N(escaped, 6 * len + 1) < 0) { if (xalloc_oversized(6, len) ||
VIR_ALLOC_N(escaped, 6 * len + 1) < 0) {
virBufferSetError(buf); virBufferSetError(buf);
return; return;
} }
...@@ -398,7 +399,8 @@ virBufferEscapeSexpr(const virBufferPtr buf, ...@@ -398,7 +399,8 @@ virBufferEscapeSexpr(const virBufferPtr buf,
return; return;
} }
if (VIR_ALLOC_N(escaped, 2 * len + 1) < 0) { if (xalloc_oversized(2, len) ||
VIR_ALLOC_N(escaped, 2 * len + 1) < 0) {
virBufferSetError(buf); virBufferSetError(buf);
return; return;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册