lib/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-08-08 17:42:12 +03:00
Code Activity

Check for integer overflows in formatting functions

Browse Source
This commit is contained in:
Andreas Schwab
2009-09-29 06:11:59 -07:00
committed by Ulrich Drepper
parent 9d076f21cd
commit 199eb0de8d
3 changed files with 45 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
stdio-common/printf_fp.c
View File

@@ -891,8 +891,15 @@ ___printf_fp (FILE *fp,
it is possible that we need two more characters in front of all the
other output. If the amount of memory we have to allocate is too
large use `malloc' instead of `alloca'. */
size_t wbuffer_to_alloc = (2 + (size_t) chars_needed) * sizeof (wchar_t);
buffer_malloced = ! __libc_use_alloca (chars_needed * 2 * sizeof (wchar_t));
if (__builtin_expect (chars_needed >= (size_t) -1 / sizeof (wchar_t) - 2
|| chars_needed < fracdig_max, 0))
{
/* Some overflow occurred. */
__set_errno (ERANGE);
return -1;
}
size_t wbuffer_to_alloc = (2 + chars_needed) * sizeof (wchar_t);
buffer_malloced = ! __libc_use_alloca (wbuffer_to_alloc);
if (__builtin_expect (buffer_malloced, 0))
{
wbuffer = (wchar_t *) malloc (wbuffer_to_alloc);