Fix integer overflow in buffer_append (make_patch.c)

Add overflow checks before capacity doubling and allocation size
calculation to prevent potential buffer overflow when capacity * item_size
overflows SIZE_MAX.
Trung Lê 2026-02-04 10:29:27 +11:00
parent 2ad9616586
commit 2ca8fa1073


@ -35,7 +35,16 @@ struct Buffer *buffer_create(size_t item_size) {
void buffer_append(struct Buffer *buffer, const void *item) {
if (buffer->size >= buffer->capacity) {
buffer->capacity = (buffer->capacity + 1) * 2;
size_t new_capacity = (buffer->capacity + 1) * 2;
// Check for overflow in capacity calculation
if (new_capacity <= buffer->capacity) {
error_exit("Error: Buffer capacity overflow\n");
}
// Check for overflow in allocation size calculation
if (new_capacity > SIZE_MAX / buffer->item_size) {
error_exit("Error: Buffer allocation size overflow\n");
}
buffer->capacity = new_capacity;
buffer->data = xrealloc(buffer->data, buffer->capacity * buffer->item_size);
}
memcpy((char *)buffer->data + (buffer->size++ * buffer->item_size), item, buffer->item_size);
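Review bot: The new allocation-size guard divides by `buffer->item_size`, so a buffer created with an item size of zero would reach a division by zero (undefined behaviour) on its first growth, where the old code performed no division. The body of buffer_create is outside this hunk, so it is not visible whether zero is rejected there; if it is not, either reject it at creation or write the guard as `if (buffer->item_size != 0 && new_capacity > SIZE_MAX / buffer->item_size) {`. `SIZE_MAX` comes from `<stdint.h>`, and no include change is visible here, so it is worth confirming the header is already in scope for make_patch.c. The wraparound test `new_capacity <= buffer->capacity` does catch every wrapping case of `(capacity + 1) * 2` on an unsigned type, but a pre-check such as `if (buffer->capacity > SIZE_MAX / 2 - 1)` would state the intent without relying on wrap. buffer_append's closing brace lies outside the hunk.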