extra checking on memory allocation sizes to prevent a class of overflow attacks

2025-12-16 18:54:26 +00:00 · 2007-09-11 04:49:56 +00:00
parent 0221d87c89
commit 0f008d2e9e
26 changed files with 234 additions and 115 deletions
--- a/src/share/utf8/charset.c
+++ b/src/share/utf8/charset.c
@@ -35,6 +35,7 @@

 #include <stdlib.h>

+#include "share/alloc.h"
 #include "charset.h"

 #include "charmaps.h"
@@ -492,7 +493,7 @@ int charset_convert(const char *fromcode, const char *tocode,
  if (!charset1 || !charset2 )
    return -1;

-  tobuf = (char *)malloc(fromlen * charset2->max + 1);
+  tobuf = (char *)safe_malloc_mul2add_(fromlen, /*times*/charset2->max, /*+*/1);
  if (!tobuf)
    return -2;