Commit 0f2318d9 authored by Vladimír Čunát's avatar Vladimír Čunát

utils kr_strcatdup: deal with overflowing size_t

It's very unlikely to happen - sum of string lengths overflowing -
even on a 32-bit platform, and the input seems not controllable by
adversaries, but let's fix it anyway.
parent 87b3af32
......@@ -114,13 +114,16 @@ char* kr_strcatdup(unsigned n, ...)
va_start(vl, n);
for (unsigned i = 0; i < n; ++i) {
char *item = va_arg(vl, char *);
total_len += strlen_safe(item);
const size_t new_len = total_len + strlen_safe(item);
if (unlikely(new_len < total_len)) return NULL;
total_len = new_len;
}
va_end(vl);
/* Allocate result and fill */
char *result = NULL;
if (total_len > 0) {
if (unlikely(total_len + 1 == 0)) return NULL;
result = malloc(total_len + 1);
}
if (result) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment