From 4729f8cc76fa067b8994a957f2d91f32b457ff1d Mon Sep 17 00:00:00 2001 From: giraffedata Date: Tue, 14 Jan 2020 15:55:52 +0000 Subject: Fix buffer overruns git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@3731 9d0c8265-081b-0410-96cb-a4ca84ce46f8 --- lib/pmfileio.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/pmfileio.c b/lib/pmfileio.c index 33f89110..bfb0d117 100644 --- a/lib/pmfileio.c +++ b/lib/pmfileio.c @@ -815,6 +815,10 @@ pm_read_unknown_size(FILE * const file, nalloc = PM_BUF_SIZE; MALLOCARRAY(buf, nalloc); + if (!buf) + pm_error("Failed to allocate %lu bytes for read buffer", + (unsigned long) nalloc); + eof = FALSE; /* initial value */ while(!eof) { @@ -825,7 +829,10 @@ pm_read_unknown_size(FILE * const file, nalloc += PM_MAX_BUF_INC; else nalloc += nalloc; - REALLOCARRAY_NOFAIL(buf, nalloc); + REALLOCARRAY(buf, nalloc); + if (!buf) + pm_error("Failed to allocate %lu bytes for read buffer", + (unsigned long) nalloc); } val = getc(file); @@ -889,14 +896,26 @@ pm_getline(FILE * const ifP, /* + 2 = 1 for 'c', one for terminating NUL */ bufferSz += 128; REALLOCARRAY(buffer, bufferSz); + if (!buffer) { + pm_error("Failed to allocate %lu bytes for buffer " + "to assemble a line of input", + (unsigned long) bufferSz); + } } buffer[nReadSoFar++] = c; } } } - if (gotLine) + if (gotLine) { + REALLOCARRAY(buffer, nReadSoFar+1); + if (!buffer) { + pm_error("Failed to allocate %lu bytes for buffer " + "to assemble a line of input", + (unsigned long) nReadSoFar+1); + } buffer[nReadSoFar] = '\0'; + } *eofP = eof; *bufferP = buffer; -- cgit 1.4.1