

ref: cdb4c5f553ace09bb984fe9546f15f66a1543c36
parent: 9bec983923411bb41ecf8af8ea116e342e0cb2d0
parent: 57639f37656e5f132a140255579f79230ccdcbee
author: Eldred Habert <[email protected]>
date: Sun Apr 12 22:50:58 EDT 2020

Merge pull request #509 from JL2210/zero-alloc-use-fix-3

Fix use of zero-allocated memory

--- a/src/link/patch.c
+++ b/src/link/patch.c
@@ -82,10 +82,20 @@
 static void pushRPN(int32_t value)
 {
 	if (stack.size >= stack.capacity) {
-		stack.capacity *= 2;
+		static const size_t increase_factor = 2;
+
+		if (stack.capacity > SIZE_MAX / increase_factor)
+			errx(1, "Overflow in RPN stack resize");
+
+		stack.capacity *= increase_factor;
 		stack.buf =
 			realloc(stack.buf, sizeof(*stack.buf) * stack.capacity);
-		if (!stack.buf)
+		/*
+		 * Static analysis tools complain that the capacity might become
+		 * zero due to overflow, but fail to realize that it's caught by
+		 * the overflow check above. Hence the stringent check below.
+		 */
+		if (!stack.buf || !stack.capacity)
 			err(1, "Failed to resize RPN stack");
 	}