authorThomas Voss <mail@thomasvoss.com> 2024-10-30 11:08:03 +0100
committerThomas Voss <mail@thomasvoss.com> 2024-10-30 11:08:03 +0100
commit94d0633ac6e323828f2f6dc89ee71d307e4c71f4 (patch)
tree6d03e9cf06f4aa265c64a95e608f31e74984d17e
parent566cef5c77d4a884f054857c7aa4d3e76d19479e (diff)
Fix heap buffer overflow
-rw-r--r--src/work.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/src/work.c b/src/work.c
index fc65fd2..510fa07 100644
--- a/src/work.c
+++ b/src/work.c
@@ -4,7 +4,7 @@
#include <errno.h>
#include <fcntl.h>
#include <stdatomic.h>
-#include <stdckdint.h>
+#include <stdbit.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
@@ -118,11 +118,10 @@ process_file(const char *locl_filename, unsigned char **locl_buf)
} else {
ptrdiff_t nw = 0;
for (;;) {
- if (nw + st.st_blksize > basecap) {
- if (ckd_mul(&basecap, basecap, 2)) {
- errno = EOVERFLOW;
- cerr(EXIT_FATAL, "realloc:");
- }
+ ptrdiff_t want = nw + st.st_blksize;
+ if (want > basecap) {
+ /* TODO: Check for overflow (top bit set) */
+ basecap = (ptrdiff_t)stdc_bit_ceil((size_t)want);
if ((baseptr = realloc(baseptr, basecap)) == nullptr)
cerr(EXIT_FATAL, "realloc:");
}
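Review bot: The overflow guard that the removed `ckd_mul` branch provided is now only a TODO, so `ptrdiff_t want = nw + st.st_blksize;` is an unchecked signed addition, which is undefined behaviour if it overflows. Separately, `stdc_bit_ceil((size_t)want)` can return a value with the top bit set, which the cast to `ptrdiff_t` would presumably turn into a negative `basecap`; every later `want > basecap` comparison would then be true, and the capacity bookkeeping would no longer describe the allocation. On 64-bit targets the oversized `realloc` most likely just fails, but on a target with a 32-bit `ptrdiff_t` a file larger than 1 GiB could plausibly reach this path. I would resolve the TODO in this commit by rejecting the size before the addition, for example `if (nw > PTRDIFF_MAX / 2 - st.st_blksize) { errno = EOVERFLOW; cerr(EXIT_FATAL, "realloc:"); }`, which keeps the rounded-up capacity representable and uses only `<stdint.h>`, already included. The loop body and the rest of `process_file` continue outside the hunk, so the read that consumes `basecap` is not visible here and should be checked against the same bound.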
@@ -152,7 +151,9 @@ process_file(const char *locl_filename, unsigned char **locl_buf)
(void)close(fd);
#if DEBUG
free(baseptr);
+ array_free(hl);
baseptr = nullptr;
+ hl = nullptr;
#endif
return;