attr: harden allocation against integer overflows

When parsing an attributes line, we need to allocate an array that holds
all attributes specified for the given file pattern. The calculation to
determine the number of bytes that need to be allocated was prone to an
overflow though when there was an unreasonable amount of attributes.

Harden the allocation by instead using the `st_` helper functions that
cause us to die when we hit an integer overflow.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/attr.c b/attr.c
index d1faf69083afea110da6c3c61a5011acabe587cd..a9f7063cfc9c3fb1a7cc458616304f8bc508e3e4 100644 (file)
--- a/attr.c
+++ b/attr.c
@@ -380,10 +380,9 @@ static struct match_attr *parse_attr_line(const char *line, const char *src,
                        goto fail_return;
        }
 
-       res = xcalloc(1,
-                     sizeof(*res) +
-                     sizeof(struct attr_state) * num_attr +
-                     (is_macro ? 0 : namelen + 1));
+       res = xcalloc(1, st_add3(sizeof(*res),
+                                st_mult(sizeof(struct attr_state), num_attr),
+                                is_macro ? 0 : namelen + 1));
        if (is_macro) {
                res->u.attr = git_attr_internal(name, namelen);
        } else {