mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-03-07 17:28:15 +00:00
buf: protect against integer overflow
It's unlikely that we'll ever want to escape a string as long as INT_MAX/6, but adding this check can't hurt. * src/util/buf.c (virBufferEscapeSexpr, virBufferEscapeString): Check for (unlikely) overflow.
This commit is contained in:
parent
774b21c163
commit
4a27eb1398
@ -311,7 +311,8 @@ virBufferEscapeString(const virBufferPtr buf, const char *format, const char *st
|
||||
return;
|
||||
}
|
||||
|
||||
if (VIR_ALLOC_N(escaped, 6 * len + 1) < 0) {
|
||||
if (xalloc_oversized(6, len) ||
|
||||
VIR_ALLOC_N(escaped, 6 * len + 1) < 0) {
|
||||
virBufferSetError(buf);
|
||||
return;
|
||||
}
|
||||
@ -398,7 +399,8 @@ virBufferEscapeSexpr(const virBufferPtr buf,
|
||||
return;
|
||||
}
|
||||
|
||||
if (VIR_ALLOC_N(escaped, 2 * len + 1) < 0) {
|
||||
if (xalloc_oversized(2, len) ||
|
||||
VIR_ALLOC_N(escaped, 2 * len + 1) < 0) {
|
||||
virBufferSetError(buf);
|
||||
return;
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user