From 0100f0ddf795d8cd2f7d1bfe4e12ec44382c3053 Mon Sep 17 00:00:00 2001 From: "Andrey A. Chernov" Date: Tue, 9 Mar 2010 21:06:17 +0000 Subject: [PATCH] Add SIZE_MAX overflow check --- usr.bin/comm/comm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/usr.bin/comm/comm.c b/usr.bin/comm/comm.c index b9109112dccf..ddad5dc8fe8a 100644 --- a/usr.bin/comm/comm.c +++ b/usr.bin/comm/comm.c @@ -201,6 +201,8 @@ convert(const char *str) if ((n = mbstowcs(NULL, str, 0)) == (size_t)-1) return (NULL); + if (SIZE_MAX / sizeof(*buf) < n + 1) + errx(1, "conversion buffer length overflow"); if ((buf = malloc((n + 1) * sizeof(*buf))) == NULL) err(1, "malloc"); if (mbstowcs(buf, str, n + 1) != n)