Mercurial > hg > ucx / file diff

diff: src/string.c

src/string.c

changeset 272
2def28b65328
parent 270
3d80d425543b
child 275
96f643d30ff1
--- a/src/string.c	Sun Jan 21 10:14:47 2018 +0100
+++ b/src/string.c	Sun Jan 21 10:57:32 2018 +0100
@@ -57,6 +57,10 @@
 
     for (size_t i = 1 ; i < n ; i++) {
         sstr_t str = va_arg(ap, sstr_t);
+        if(((size_t)-1) - str.length < size) {
+            size = 0;
+            break;
+        }
         size += str.length;
     }
     va_end(ap);
@@ -77,6 +81,10 @@
         return str;
     }
     
+    if(((size_t)-1) - s1.length < s2.length) {
+        return str;
+    }
+    
     sstr_t *strings = (sstr_t*) calloc(count, sizeof(sstr_t));
     if(!strings) {
         return str;
@@ -85,16 +93,25 @@
     // get all args and overall length
     strings[0] = s1;
     strings[1] = s2;
-    size_t strlen = s1.length + s2.length;
+    size_t slen = s1.length + s2.length;
+    int error = 0;
     for (size_t i=2;i<count;i++) {
         sstr_t s = va_arg (ap, sstr_t);
         strings[i] = s;
-        strlen += s.length;
+        if(((size_t)-1) - s.length < slen) {
+            error = 1;
+            break;
+        }
+        slen += s.length;
+    }
+    if(error) {
+        free(strings);
+        return str;
     }
     
     // create new string
-    str.ptr = (char*) almalloc(a, strlen + 1);
-    str.length = strlen;
+    str.ptr = (char*) almalloc(a, slen + 1);
+    str.length = slen;
     if(!str.ptr) {
         free(strings);
         str.length = 0;

Mercurial Repository: ucx

mercurial