Prevent strange crashes in fmt with absurd goal lengths introduced by the

support for wide characters. If the sizeof (wchar_t) times max_length would yield a value beyond representation in a size_t, exit with a usage error up front, rather than strange errors down the line from trying to malloc (well, realloc) with a size of 0. This is perhaps not the optimal behaviour - a clamp may be more appropriate as we clamp the value of max_length now anyway, but this is at least better than segfaulting or worse. On systems which are friendly to malloc with a value of 0 the results could end up being strange corruption of the output.
2007-10-17 11:41:40 +00:00 · 2007-10-17 11:41:40 +00:00 · a2229407e5
commit a2229407e5
parent e5221e8ba2
1 changed files with 2 additions and 0 deletions
--- a/usr.bin/fmt/fmt.c
+++ b/usr.bin/fmt/fmt.c
@ -176,6 +176,7 @@ static const char copyright[] =
 __FBSDID("$FreeBSD$");

 #include <err.h>
+#include <limits.h>
 #include <locale.h>
 #include <stdio.h>
 #include <stdlib.h>
@ -351,6 +352,7 @@ main(int argc, char *argv[]) {
  }
  if (goal_length==0) goal_length = 65;
  if (max_length==0) max_length = goal_length+10;
+  if (max_length >= SIZE_T_MAX / sizeof (wchar_t)) errx(EX_USAGE, "max length too large");
  /* really needn't be longer */
  output_buffer = XMALLOC((max_length+1) * sizeof(wchar_t));