From fc9a644002dc501a5c224e5cc1a7dfba3ca2d1d8 Mon Sep 17 00:00:00 2001 From: David Oberhollenzer Date: Mon, 25 Nov 2019 13:13:05 +0100 Subject: Cleanup: move overflow safe alloc code into libsquashfs There were only a hand full of instances outside libsquashfs that used the alloc code. In most cases, the thing allocated hat its size derived from something already in memory anyway, so it is safe to assume its size fits into a size_t. At the same time, the opencoded Windows path conversion functions are all unified into a single helper function. Signed-off-by: David Oberhollenzer --- tar/tar2sqfs.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'tar') diff --git a/tar/tar2sqfs.c b/tar/tar2sqfs.c index d0f2851..0076537 100644 --- a/tar/tar2sqfs.c +++ b/tar/tar2sqfs.c @@ -6,6 +6,7 @@ */ #include "config.h" #include "common.h" +#include "compat.h" #include "tar.h" #include @@ -213,7 +214,7 @@ static int write_file(tar_header_decoded_t *hdr, file_info_t *fi, { const sparse_map_t *it; sqfs_inode_generic_t *inode; - size_t max_blk_count; + size_t size, max_blk_count; sqfs_file_t *file; sqfs_u64 sum; int ret; @@ -222,7 +223,14 @@ static int write_file(tar_header_decoded_t *hdr, file_info_t *fi, if (filesize % cfg.block_size) ++max_blk_count; - inode = alloc_flex(sizeof(*inode), sizeof(sqfs_u32), max_blk_count); + if (SZ_MUL_OV(sizeof(sqfs_u32), max_blk_count, &size) || + SZ_ADD_OV(sizeof(*inode), size, &size)) { + fputs("creating file inode: too many blocks\n", + stderr); + return -1; + } + + inode = calloc(1, size); if (inode == NULL) { perror("creating file inode"); return -1; -- cgit v1.2.3