diff options
| author | Jim Meyering <jim@meyering.net> | 2009-11-03 18:55:21 +0100 |
|---|---|---|
| committer | Richard Jones <rjones@redhat.com> | 2009-11-04 11:36:59 +0000 |
| commit | ef642eb4e3bb278b5df14fbcf30403e3d30dcef3 (patch) | |
| tree | 61d6bdaad035474e8b66fd2e7c20acec262a22e8 /hivex/hivex.c | |
| parent | f95c697a44c321dd1d370620515aa71a71a4ad5b (diff) | |
| download | libguestfs-ef642eb4e3bb278b5df14fbcf30403e3d30dcef3.tar.gz libguestfs-ef642eb4e3bb278b5df14fbcf30403e3d30dcef3.tar.xz libguestfs-ef642eb4e3bb278b5df14fbcf30403e3d30dcef3.zip | |
hivex: fail upon integer overflow
* hivex/hivex.c (windows_utf16_to_utf8): Avoid overflow and a
potential infloop.
Diffstat (limited to 'hivex/hivex.c')
| -rw-r--r-- | hivex/hivex.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/hivex/hivex.c b/hivex/hivex.c index 4fa3b301..ac463465 100644 --- a/hivex/hivex.c +++ b/hivex/hivex.c @@ -1033,9 +1033,12 @@ windows_utf16_to_utf8 (/* const */ char *input, size_t len) size_t r = iconv (ic, &inp, &inlen, &outp, &outlen); if (r == (size_t) -1) { if (errno == E2BIG) { + size_t prev = outalloc; /* Try again with a larger output buffer. */ free (out); outalloc *= 2; + if (outalloc < prev) + return NULL; goto again; } else { |