SECURITY: check for integer overflow in stralloc_ready

11 years ago · f7fee036c1
parent 539ef564ab
commit f7fee036c1
4 changed files with 54 additions and 3 deletions
--- a/1
+++ b/1
@ -10,6 +10,7 @@
  added fmt_escapechar* to fmt.h (implement various escaping mechanisms also found in textcode but for a single char not a whole string, and they always escape, not just when they think it's needed)
  scan_ushort was supposed to abort early and return 5 when attempting to parse "65536", because the result does not fit.  It did not.  Now it does.
  scan_*long, scan_*int, scan_*short now properly abort if the number would not fit
  SECURITY: check for integer overflow in stralloc_ready
 0.29:
  save 8 bytes in taia.h for 64-bit systems
--- a/stralloc/stralloc_free.c
+++ b/stralloc/stralloc_free.c
@ -4,4 +4,5 @@
 void stralloc_free(stralloc *sa) {
  if (sa->s) free(sa->s);
  sa->s=0;
  sa->a=sa->len=0;
 }
--- a/stralloc/stralloc_ready.c
+++ b/stralloc/stralloc_ready.c
@ -9,7 +9,7 @@
 * old space, and returns 1. Note that this changes sa.s. */
 int stralloc_ready(stralloc *sa,size_t len) {
  register size_t wanted=len+(len>>3)+30; /* heuristic from djb */
-  if (!sa->s || sa->a<len) {
+  if (wanted<len || !sa->s || sa->a<len) {
    register char* tmp;
    if (!(tmp=realloc(sa->s,wanted)))
      return 0;
--- a/test/marshal.c
+++ b/test/marshal.c
@ -1,14 +1,20 @@
 #include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <fmt.h>
 #include <scan.h>
 #include <textcode.h>
 #include <byte.h>
 #include <assert.h>
 #include <uint16.h>
 #include <uint32.h>
 #include <uint64.h>
 #include <openreadclose.h>
 #include <mmap.h>
 char buf[100];
 stralloc sa;
 void zap() { size_t i; for (i=0; i<sizeof(buf); ++i) buf[i]='_'; }
@ -26,6 +32,13 @@ int main() {
  signed int i;
  signed short s;
  long flen;
  char* stdiocopy;
 #ifdef NDEBUG
 #error This is a unit test that uses assert() or all checks, compile without -DNDEBUG!
 #endif
  // check utf8 encoding
  zap(); assert(fmt_utf8(NULL,12345) == 3);
  zap(); assert(fmt_utf8(buf,12345) == 3 && byte_equal(buf,4,"\xe3\x80\xb9_"));
@ -306,5 +319,41 @@ int main() {
    }
  }
  {
    char* mmapcopy;
    FILE* f;
    size_t mlen;
    assert(f=fopen("test/marshal.c","rb"));
    assert(fseek(f,0,SEEK_END)==0);
    flen=ftell(f);
    assert(flen>4096);
    fseek(f,0,SEEK_SET);
    assert(stdiocopy=malloc(flen));
    assert(fread(stdiocopy,1,flen,f)==flen);
    fclose(f);
    assert(openreadclose("test/marshal.c",&sa,4096)==1);
    assert(sa.len == flen);
    assert(byte_equal(sa.s,flen,stdiocopy));
    assert((mmapcopy=mmap_read("test/marshal.c",&mlen)) && mlen==flen);
    assert(byte_equal(sa.s,flen,mmapcopy));
    mmap_unmap(mmapcopy,mlen);
  }
  stralloc_free(&sa);
  assert(stralloc_ready(&sa,0x1000));
  assert(sa.a >= 0x1000);
  assert(stralloc_copyb(&sa,stdiocopy,0x900));
  assert(sa.len == 0x900);
  assert(stralloc_catb(&sa,stdiocopy+0x900,0x700));
  assert(sa.len == 0x1000);
  assert(byte_equal(sa.s,0x1000,stdiocopy));
  assert(stralloc_readyplus(&sa,0x1000));
  assert(sa.a >= 0x2000);
  assert(stralloc_readyplus(&sa,(size_t)-1)==0);
  assert(stralloc_ready(&sa,(size_t)-1)==0);
  return 0;
 }