0110-top: Prevent integer overflows in config_file() and other_selection().

This commit is contained in:
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent e1f419737f
commit 2fabc50998

View File

@ -3303,6 +3303,9 @@ error Hey, fix the above fscanf 'PFLAGSSIZ' dependency !
size_t lraw = strlen(Inspect.raw) +1;
char *s;
if (i < 0 || (size_t)i >= INT_MAX / sizeof(struct I_ent)) break;
if (lraw >= INT_MAX - sizeof(fbuf)) break;
if (!fgets(fbuf, sizeof(fbuf), fp)) break;
lraw += strlen(fbuf) +1;
Inspect.raw = alloc_r(Inspect.raw, lraw);
@ -4165,6 +4168,9 @@ static void other_selection (int ch) {
, inc ? N_txt(WORD_include_txt) : N_txt(WORD_exclude_txt)));
return;
}
if (Curwin->osel_prt && strlen(Curwin->osel_prt) >= INT_MAX - (sizeof(raw) + 6)) {
return;
}
osel = alloc_c(sizeof(struct osel_s));
osel->inc = inc;
osel->enu = enu;