diff options
author | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2020-01-14 15:55:52 +0000 |
---|---|---|
committer | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2020-01-14 15:55:52 +0000 |
commit | 4729f8cc76fa067b8994a957f2d91f32b457ff1d (patch) | |
tree | 875e9ee4871a60c58bb489eb55ea408193f2615b /lib | |
parent | 36b17dd0c515ebf7a5916575ead970439295fc46 (diff) | |
download | netpbm-mirror-4729f8cc76fa067b8994a957f2d91f32b457ff1d.tar.gz netpbm-mirror-4729f8cc76fa067b8994a957f2d91f32b457ff1d.tar.xz netpbm-mirror-4729f8cc76fa067b8994a957f2d91f32b457ff1d.zip |
Fix buffer overruns
git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@3731 9d0c8265-081b-0410-96cb-a4ca84ce46f8
Diffstat (limited to 'lib')
-rw-r--r-- | lib/pmfileio.c | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/lib/pmfileio.c b/lib/pmfileio.c index 33f89110..bfb0d117 100644 --- a/lib/pmfileio.c +++ b/lib/pmfileio.c @@ -815,6 +815,10 @@ pm_read_unknown_size(FILE * const file, nalloc = PM_BUF_SIZE; MALLOCARRAY(buf, nalloc); + if (!buf) + pm_error("Failed to allocate %lu bytes for read buffer", + (unsigned long) nalloc); + eof = FALSE; /* initial value */ while(!eof) { @@ -825,7 +829,10 @@ pm_read_unknown_size(FILE * const file, nalloc += PM_MAX_BUF_INC; else nalloc += nalloc; - REALLOCARRAY_NOFAIL(buf, nalloc); + REALLOCARRAY(buf, nalloc); + if (!buf) + pm_error("Failed to allocate %lu bytes for read buffer", + (unsigned long) nalloc); } val = getc(file); @@ -889,14 +896,26 @@ pm_getline(FILE * const ifP, /* + 2 = 1 for 'c', one for terminating NUL */ bufferSz += 128; REALLOCARRAY(buffer, bufferSz); + if (!buffer) { + pm_error("Failed to allocate %lu bytes for buffer " + "to assemble a line of input", + (unsigned long) bufferSz); + } } buffer[nReadSoFar++] = c; } } } - if (gotLine) + if (gotLine) { + REALLOCARRAY(buffer, nReadSoFar+1); + if (!buffer) { + pm_error("Failed to allocate %lu bytes for buffer " + "to assemble a line of input", + (unsigned long) nReadSoFar+1); + } buffer[nReadSoFar] = '\0'; + } *eofP = eof; *bufferP = buffer; |