
Protect array_list_del_idx against size_t overflow.

If the assignment of stop overflows due to idx and count being
larger than SIZE_T_MAX in sum, out of boundary access could happen.

It takes invalid usage of this function for this to happen, but
I decided to add this check so array_list_del_idx is as safe against
bad usage as the other arraylist functions.
tags/json-c-0.15-20200726
Tobias Stoeckmann 5 years ago
commit 099016b7e8
1 changed files with 3 additions and 0 deletions
arraylist.c

@@ -136,6 +136,9 @@ int array_list_del_idx(struct array_list *arr, size_t idx, size_t count)
{
size_t i, stop;

/* Avoid overflow in calculation with large indices. */
if (idx > SIZE_T_MAX - count)
return -1;
stop = idx + count;
if (idx >= arr->length || stop > arr->length)
return -1;
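Review bot: the new guard at the top of array_list_del_idx depends on SIZE_T_MAX, which is not the standard C macro (that is SIZE_MAX from <stdint.h>), so it is worth confirming that it is defined for every build configuration of arraylist.c. The wrap can also be ruled out without any maximum constant by testing idx first and then comparing count against the remaining room, for example `if (idx >= arr->length || count > arr->length - idx) return -1;`, after which `stop = idx + count` cannot overflow. The commit changes only arraylist.c, so a regression test that passes an idx and count whose sum wraps and expects -1 would be a useful addition.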

