mirror of
https://github.com/claunia/flac.git
synced 2025-12-16 18:54:26 +00:00
extra checking on memory allocation sizes to prevent a class of overflow attacks
This commit is contained in:
Josh Coalson
@@ -25,6 +25,7 @@
|
||||
#include "utils.h"
|
||||
#include "FLAC/assert.h"
|
||||
#include "FLAC/metadata.h"
|
||||
#include "share/alloc.h"
|
||||
#include "share/grabbag.h"
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
@@ -446,8 +447,8 @@ FLAC__bool do_shorthand_operation__add_replay_gain(char **filenames, unsigned nu
|
||||
}
|
||||
|
||||
if(
|
||||
0 == (title_gains = (float*)malloc(sizeof(float) * num_files)) ||
|
||||
0 == (title_peaks = (float*)malloc(sizeof(float) * num_files))
|
||||
0 == (title_gains = (float*)safe_malloc_mul_2op_(sizeof(float), /*times*/num_files)) ||
|
||||
0 == (title_peaks = (float*)safe_malloc_mul_2op_(sizeof(float), /*times*/num_files))
|
||||
)
|
||||
die("out of memory allocating space for title gains/peaks");
|
||||
|
||||
|
||||
@@ -24,6 +24,7 @@
|
||||
#include "usage.h"
|
||||
#include "utils.h"
|
||||
#include "FLAC/assert.h"
|
||||
#include "share/alloc.h"
|
||||
#include "share/grabbag/replaygain.h"
|
||||
#include <ctype.h>
|
||||
#include <stdio.h>
|
||||
@@ -185,7 +186,7 @@ FLAC__bool parse_options(int argc, char *argv[], CommandLineOptions *options)
|
||||
|
||||
if(options->num_files > 0) {
|
||||
unsigned i = 0;
|
||||
if(0 == (options->filenames = (char**)malloc(sizeof(char*) * options->num_files)))
|
||||
if(0 == (options->filenames = (char**)safe_malloc_mul_2op_(sizeof(char*), /*times*/options->num_files)))
|
||||
die("out of memory allocating space for file names list");
|
||||
while(share__optind < argc)
|
||||
options->filenames[i++] = local_strdup(argv[share__optind++]);
|
||||
@@ -718,8 +719,10 @@ void append_new_operation(CommandLineOptions *options, Operation operation)
|
||||
}
|
||||
if(options->ops.capacity <= options->ops.num_operations) {
|
||||
unsigned original_capacity = options->ops.capacity;
|
||||
options->ops.capacity *= 4;
|
||||
if(0 == (options->ops.operations = (Operation*)realloc(options->ops.operations, sizeof(Operation) * options->ops.capacity)))
|
||||
if(options->ops.capacity > SIZE_MAX / 2) /* overflow check */
|
||||
die("out of memory allocating space for option list");
|
||||
options->ops.capacity *= 2;
|
||||
if(0 == (options->ops.operations = (Operation*)safe_realloc_mul_2op_(options->ops.operations, sizeof(Operation), /*times*/options->ops.capacity)))
|
||||
die("out of memory allocating space for option list");
|
||||
memset(options->ops.operations + original_capacity, 0, sizeof(Operation) * (options->ops.capacity - original_capacity));
|
||||
}
|
||||
@@ -737,8 +740,10 @@ void append_new_argument(CommandLineOptions *options, Argument argument)
|
||||
}
|
||||
if(options->args.capacity <= options->args.num_arguments) {
|
||||
unsigned original_capacity = options->args.capacity;
|
||||
options->args.capacity *= 4;
|
||||
if(0 == (options->args.arguments = (Argument*)realloc(options->args.arguments, sizeof(Argument) * options->args.capacity)))
|
||||
if(options->args.capacity > SIZE_MAX / 2) /* overflow check */
|
||||
die("out of memory allocating space for option list");
|
||||
options->args.capacity *= 2;
|
||||
if(0 == (options->args.arguments = (Argument*)safe_realloc_mul_2op_(options->args.arguments, sizeof(Argument), /*times*/options->args.capacity)))
|
||||
die("out of memory allocating space for option list");
|
||||
memset(options->args.arguments + original_capacity, 0, sizeof(Argument) * (options->args.capacity - original_capacity));
|
||||
}
|
||||
@@ -969,7 +974,7 @@ FLAC__bool parse_block_number(const char *in, Argument_BlockNumber *out)
|
||||
|
||||
/* make space */
|
||||
FLAC__ASSERT(out->num_entries > 0);
|
||||
if(0 == (out->entries = (unsigned*)malloc(sizeof(unsigned) * out->num_entries)))
|
||||
if(0 == (out->entries = (unsigned*)safe_malloc_mul_2op_(sizeof(unsigned), /*times*/out->num_entries)))
|
||||
die("out of memory allocating space for option list");
|
||||
|
||||
/* load 'em up */
|
||||
@@ -1008,7 +1013,7 @@ FLAC__bool parse_block_type(const char *in, Argument_BlockType *out)
|
||||
|
||||
/* make space */
|
||||
FLAC__ASSERT(out->num_entries > 0);
|
||||
if(0 == (out->entries = (Argument_BlockTypeEntry*)malloc(sizeof(Argument_BlockTypeEntry) * out->num_entries)))
|
||||
if(0 == (out->entries = (Argument_BlockTypeEntry*)safe_malloc_mul_2op_(sizeof(Argument_BlockTypeEntry), /*times*/out->num_entries)))
|
||||
die("out of memory allocating space for option list");
|
||||
|
||||
/* load 'em up */
|
||||
|
||||
@@ -22,6 +22,7 @@
|
||||
|
||||
#include "utils.h"
|
||||
#include "FLAC/assert.h"
|
||||
#include "share/alloc.h"
|
||||
#include "share/utf8.h"
|
||||
#include <ctype.h>
|
||||
#include <stdarg.h>
|
||||
@@ -57,7 +58,7 @@ char *local_strdup(const char *source)
|
||||
|
||||
void local_strcat(char **dest, const char *source)
|
||||
{
|
||||
unsigned ndest, nsource;
|
||||
size_t ndest, nsource;
|
||||
|
||||
FLAC__ASSERT(0 != dest);
|
||||
FLAC__ASSERT(0 != source);
|
||||
@@ -68,7 +69,7 @@ void local_strcat(char **dest, const char *source)
|
||||
if(nsource == 0)
|
||||
return;
|
||||
|
||||
*dest = (char*)realloc(*dest, ndest + nsource + 1);
|
||||
*dest = (char*)safe_realloc_add_3op_(*dest, ndest, /*+*/nsource, /*+*/1);
|
||||
if(0 == *dest)
|
||||
die("out of memory growing string");
|
||||
strcpy((*dest)+ndest, source);
|
||||
|
||||
Reference in New Issue
Block a user