Google Git
Sign in
flutter/third_party/libzip/2e12740b66b4ebee989cfab3b0a56a5d2c6c5a0a^!/./regress
commit
2e12740b66b4ebee989cfab3b0a56a5d2c6c5a0a
[log]
author
Thomas Klausner <tk@giga.or.at>
Mon Apr 27 15:12:04 2015 +0200
committer
Thomas Klausner <tk@giga.or.at>
Mon Apr 27 15:12:04 2015 +0200
tree
bf3889f7bad3d36081298bbda2cd7e21accf61e4
parent
07dab0301103ff6a927df3a5092f86c6948885ec [diff]
Avoid integer overflow.
Coverity CID 1295382.

diff --git a/regress/source_hole.c b/regress/source_hole.c
index 8cf522b..d3e6bce 100644
--- a/regress/source_hole.c
+++ b/regress/source_hole.c

@@ -228,7 +228,8 @@
     buffer->size = get_u64(b+12);
     
     buffer->nfragments = (buffer->size + buffer->fragment_size - 1) / buffer->fragment_size;
-    if ((buffer->fragment = (zip_uint8_t **)malloc(sizeof(buffer->fragment[0]) * buffer->nfragments)) == NULL) {
+    if ((buffer->nfragments > SIZE_MAX/sizeof(buffer->fragment[0]))
+	|| ((buffer->fragment = (zip_uint8_t **)malloc(sizeof(buffer->fragment[0]) * buffer->nfragments)) == NULL)) {
         zip_error_set(error, ZIP_ER_MEMORY, 0);
         return -1;
     }