[Libguestfs] [PATCH libguestfs] hivex: fail upon integer overflow

Jim Meyering jim at meyering.net
Tue Nov 3 17:55:21 UTC 2009


This is probably only theoretical, but just the same...

From 29edcca195d2998ca4a54aacec261752a3bdeb3d Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering at redhat.com>
Date: Tue, 3 Nov 2009 18:50:23 +0100
Subject: [PATCH libguestfs] hivex: fail upon integer overflow

* hivex/hivex.c (windows_utf16_to_utf8): Avoid overflow and a
potential infloop.
---
 hivex/hivex.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/hivex/hivex.c b/hivex/hivex.c
index b522ccf..9c28679 100644
--- a/hivex/hivex.c
+++ b/hivex/hivex.c
@@ -1031,9 +1031,12 @@ windows_utf16_to_utf8 (/* const */ char *input, size_t len)
   size_t r = iconv (ic, &inp, &inlen, &outp, &outlen);
   if (r == (size_t) -1) {
     if (errno == E2BIG) {
+      size_t prev = outalloc;
       /* Try again with a larger output buffer. */
       free (out);
       outalloc *= 2;
+      if (outalloc < prev)
+        return NULL
       goto again;
     }
     else {
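
Review bot: The added `return NULL` under `if (outalloc < prev)` is missing its terminating semicolon, so the statement runs into `goto again;` and the file will not compile; it should read `return NULL;`. The wraparound test itself is sound, since `outalloc` is a `size_t` and unsigned overflow of `outalloc *= 2` is well defined, and `out` has already been freed at that point. Two smaller things to consider on the same path: the visible lines show no `iconv_close (ic)` before the early return, so if the descriptor is still open here it should be closed first, and setting `errno` (for example to `ENOMEM`) before returning would let callers tell this failure apart from a conversion error.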
--
1.6.5.2.292.g1cda2



