summaryrefslogtreecommitdiff
path: root/lib/sqfs/read_inode.c
diff options
context:
space:
mode:
authorDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2019-08-23 13:23:58 +0200
committerDavid Oberhollenzer <david.oberhollenzer@sigma-star.at>2019-08-23 13:44:13 +0200
commita38b1cbc5e917d945340a6dd9dba4274a2eb8789 (patch)
treebe3a59cc2c3013c95fe5899306232dabff25c9de /lib/sqfs/read_inode.c
parent029a8db2701afb0653c6e789c878bb768ceb87e1 (diff)
Size accounting + alloc() overflow checking, round #2
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'lib/sqfs/read_inode.c')
-rw-r--r--lib/sqfs/read_inode.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/lib/sqfs/read_inode.c b/lib/sqfs/read_inode.c
index 79c5a55..e4b4dfa 100644
--- a/lib/sqfs/read_inode.c
+++ b/lib/sqfs/read_inode.c
@@ -159,6 +159,7 @@ static sqfs_inode_generic_t *read_inode_slink(meta_reader_t *ir,
{
sqfs_inode_generic_t *out;
sqfs_inode_slink_t slink;
+ size_t size;
if (meta_reader_read(ir, &slink, sizeof(slink)))
return NULL;
@@ -166,12 +167,15 @@ static sqfs_inode_generic_t *read_inode_slink(meta_reader_t *ir,
SWAB32(slink.nlink);
SWAB32(slink.target_size);
- out = calloc(1, sizeof(*out) + slink.target_size + 1);
- if (out == NULL) {
- perror("reading symlink inode");
- return NULL;
+ if (SZ_ADD_OV(slink.target_size, 1, &size) ||
+ SZ_ADD_OV(sizeof(*out), size, &size)) {
+ goto fail;
}
+ out = calloc(1, size);
+ if (out == NULL)
+ goto fail;
+
out->slink_target = (char *)out->extra;
out->base = *base;
out->data.slink = slink;
@@ -182,6 +186,9 @@ static sqfs_inode_generic_t *read_inode_slink(meta_reader_t *ir,
}
return out;
+fail:
+ perror("reading symlink inode");
+ return NULL;
}
static sqfs_inode_generic_t *read_inode_slink_ext(meta_reader_t *ir,
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-01 11:19:40 +0000