2021-04-21 Paul Eggert <eggert@cs.ucla.edu>
+ careadlinkat: avoid ptrdiff_t overflow
+ * lib/careadlinkat.c: Include idx.h, minmax.h.
+ (readlink_stk): Avoid ptrdiff_t overflow in object allocation.
+ Since this module uses arbitrary allocators (including
+ stdlib_allocator), it cannot assume GNU malloc semantics.
+ * modules/careadlinkat (Depends-on): Add idx, minmax.
+
execute-tests: pacify compiler
* tests/test-execute-main.c (main): Use 0x7DEADBEE rather than
0xDEADBEEF for nonces, to avoid provoking AIX XLC compiler warning
#include "careadlinkat.h"
+#include "idx.h"
+#include "minmax.h"
+
#include <errno.h>
#include <limits.h>
#include <string.h>
ssize_t (*preadlinkat) (int, char const *, char *, size_t),
char stack_buf[STACK_BUF_SIZE])
{
- char *buf;
- size_t buf_size;
- size_t buf_size_max =
- SSIZE_MAX < SIZE_MAX ? (size_t) SSIZE_MAX + 1 : SIZE_MAX;
-
if (! alloc)
alloc = &stdlib_allocator;
buffer_size = STACK_BUF_SIZE;
}
- buf = buffer;
- buf_size = buffer_size;
+ char *buf = buffer;
+ idx_t buf_size_max = MIN (IDX_MAX, MIN (SSIZE_MAX, SIZE_MAX));
+ idx_t buf_size = MIN (buffer_size, buf_size_max);
while (buf)
{
/* Attempt to read the link into the current buffer. */
- ssize_t link_length = preadlinkat (fd, filename, buf, buf_size);
- size_t link_size;
+ idx_t link_length = preadlinkat (fd, filename, buf, buf_size);
if (link_length < 0)
{
if (buf != buffer)
return NULL;
}
- link_size = link_length;
+ idx_t link_size = link_length;
if (link_size < buf_size)
{
if (buf != buffer)
alloc->free (buf);
- if (buf_size < buf_size_max / 2)
- buf_size = 2 * buf_size + 1;
- else if (buf_size < buf_size_max)
- buf_size = buf_size_max;
- else if (buf_size_max < SIZE_MAX)
+ if (buf_size_max / 2 <= buf_size)
{
errno = ENAMETOOLONG;
return NULL;
}
- else
- break;
+
+ buf_size = 2 * buf_size + 1;
buf = alloc->allocate (buf_size);
}
projects / thirdparty / gnulib.git / commitdiff
