From bd670b1d4984b27d6a397b9ddafaf89ab26e4e7f Mon Sep 17 00:00:00 2001
From: David Cook <divergentdave@gmail.com>
Date: Sat, 14 Nov 2020 13:10:29 -0600
Subject: [PATCH] Follow-up to arithmetic overflow fix
Check if nmemb is zero in p11_rpc_message_alloc_extra_array to avoid a
division by zero trap. Additionally, change the reallocarray
compatibility shim so that it won't assert when resizing an array to
zero, and add the same nmemb != 0 check there.
---
common/compat.c | 4 ++--
p11-kit/rpc-message.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
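diff --git a/common/compat.c b/common/compat.c
index be7e9e6..4390cef 100644
--- a/common/compat.c
+++ b/common/compat.c
@@ -525,8 +525,8 @@ reallocarray (void *ptr,
 size_t nmemb,
 size_t size)
 {
- assert (nmemb > 0 && size > 0);
- if (SIZE_MAX / nmemb < size) {
+ assert (nmemb >= 0 && size >= 0);
+ if (nmemb != 0 && SIZE_MAX / nmemb < size) {
 errno = ENOMEM;
 return NULL;
 }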
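Review bot: The replacement `assert (nmemb >= 0 && size >= 0);` can never fire, because both parameters are `size_t` and an unsigned value is always >= 0; it reads like a precondition but checks nothing and will draw a `-Wtype-limits` warning, so I would delete the line rather than keep it. The `nmemb != 0` guard on the division itself is correct. reallocarray's body continues below the hunk, so the next point is inferred: if the shim goes on to call `realloc (ptr, nmemb * size)`, a zero product now reaches it, and the result of a zero-size realloc is implementation-defined (it may free `ptr` and return NULL), which a caller that treats NULL as failure could follow with a second free of the old pointer. A comment such as `/* nmemb or size of 0 is passed through; the result follows realloc (ptr, 0) */` would record that contract for callers.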
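diff --git a/p11-kit/rpc-message.c b/p11-kit/rpc-message.c
index 875adaf..8dfa30b 100644
--- a/p11-kit/rpc-message.c
+++ b/p11-kit/rpc-message.c
@@ -120,7 +120,7 @@ p11_rpc_message_alloc_extra_array (p11_rpc_message *msg,
 size_t nmemb,
 size_t size)
 {
- if ((SIZE_MAX - sizeof (void *)) / nmemb < size) {
+ if (nmemb != 0 && (SIZE_MAX - sizeof (void *)) / nmemb < size) {
 errno = ENOMEM;
 return NULL;
 }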
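Review bot: The guard in p11_rpc_message_alloc_extra_array subtracts `sizeof (void *)` from SIZE_MAX without saying why, and with this change a zero `nmemb` skips the check entirely; both deserve a comment above the `if`. I would add `/* leave headroom for the pointer-sized bookkeeping added by the allocation below; nmemb == 0 is valid and requests an empty block */`, adjusted to what the rest of the function actually does, since its body continues outside the hunk. If the element count can come from a decoded RPC message, which this page does not show, callers should also be checked for treating the returned pointer as holding at least one element when nmemb is 0.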
--
1.8.3.1