From: Rasmus Villemoes Date: Fri, 30 Oct 2020 09:18:04 +0000 (+0100) Subject: string-util: improve overflow checking X-Git-Tag: v247-rc2~31^2~2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6ced0770c741170a05057dffbf3ef78e46eafe53;p=thirdparty%2Fsystemd.git string-util: improve overflow checking The current overflow checking is broken in the corner case of the strings' combined length being exactly SIZE_MAX: After the loop, l would be SIZE_MAX, but we're not testing whether the l+1 expression overflows. Fix it by simply pre-accounting for the final '\0': initialize l to 1 instead of 0. --- diff --git a/src/basic/string-util.c b/src/basic/string-util.c index c8993000b04..12c4ae177a2 100644 --- a/src/basic/string-util.c +++ b/src/basic/string-util.c @@ -145,7 +145,7 @@ char *strnappend(const char *s, const char *suffix, size_t b) { char *strjoin_real(const char *x, ...) { va_list ap; - size_t l = 0; + size_t l = 1; char *r, *p; va_start(ap, x); @@ -161,7 +161,7 @@ char *strjoin_real(const char *x, ...) { } va_end(ap); - p = r = new(char, l+1); + p = r = new(char, l); if (!r) return NULL;