From 402f757eb53038d17c4b5ec48dbdd86df7006957 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Mon, 8 Jul 2024 12:05:46 +0000
Subject: [PATCH 15/20] fix invalid args len set in execute_lxc_attach

Signed-off-by: jikai <jikai11@huawei.com>
---
 src/runtime/lcrcontainer_execute.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/runtime/lcrcontainer_execute.c b/src/runtime/lcrcontainer_execute.c
index 251fb85..e4cdcc1 100644
--- a/src/runtime/lcrcontainer_execute.c
+++ b/src/runtime/lcrcontainer_execute.c
@@ -836,7 +836,13 @@ static void execute_lxc_attach(const char *name, const char *path, const struct
         exit(EXIT_FAILURE);
     }
 
-    args_len = args_len + request->args_len + request->env_len;
+    if (args_len > SIZE_MAX - request->args_len || request->env_len > SIZE_MAX / 2
+        || args_len + request->args_len > SIZE_MAX - request->env_len * 2) {
+        COMMAND_ERROR("Too many arguments");
+        exit(EXIT_FAILURE);
+    }
+
+    args_len = args_len + request->args_len + request->env_len * 2;
 
     params = isula_smart_calloc_s(sizeof(char *), args_len);
     if (params == NULL) {
-- 
2.33.0