lib/misc: StrUtil_SafeStrcat length overflow checking

The check for overflow in StrUtil_SafeStrcat needs work.

Might as well avoid protential overflow while also checking for
"insane" string lengths.

diff --git a/open-vm-tools/lib/misc/strutil.c b/open-vm-tools/lib/misc/strutil.c
index 52d2f5320b92096159c1abf60a514a89a91a5358..b5c616a6a15e96d744f1062b94da8da5ea2e7a1a 100644 (file)
--- a/open-vm-tools/lib/misc/strutil.c
+++ b/open-vm-tools/lib/misc/strutil.c
@@ -26,6 +26,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <stdint.h>
 #if !defined(_WIN32)
 #include <strings.h> /* For strncasecmp */
 #endif
@@ -1140,15 +1141,21 @@ StrUtil_SafeDynBufPrintf(DynBuf *b,        // IN/OUT
  */
 
 void
-StrUtil_SafeStrcat(char **prefix,    // IN/OUT
-                   const char *str)  // IN
+StrUtil_SafeStrcat(char **prefix,    // IN/OUT:
+                   const char *str)  // IN:
 {
    char *tmp;
-   size_t plen = *prefix != NULL ? strlen(*prefix) : 0;
+   size_t plen = (*prefix == NULL) ? 0 : strlen(*prefix);
    size_t slen = strlen(str);
 
-   /* Check for overflow */
-   VERIFY((size_t)-1 - plen > slen + 1);
+   /*
+    * If we're manipulating strings that are anywhere near max(size_t)/2 in
+    * length we're doing something very wrong. Avoid potential overflow by
+    * checking for "insane" operations. Prevent the problem before it gets
+    * started.
+    */
+
+   VERIFY((plen < (SIZE_MAX/2)) && (slen < (SIZE_MAX/2)));
 
    tmp = Util_SafeRealloc(*prefix, plen + slen + 1 /* NUL */);