• Jeff King's avatar
    harden REALLOC_ARRAY and xcalloc against size_t overflow · e7792a74
    Jeff King authored
    REALLOC_ARRAY inherently involves a multiplication which can
    overflow size_t, resulting in a much smaller buffer than we
    think we've allocated. We can easily harden it by using
    st_mult() to check for overflow.  Likewise, we can add
    ALLOC_ARRAY to do the same thing for xmalloc calls.
    xcalloc() should already be fine, because it takes the two
    factors separately, assuming the system calloc actually
    checks for overflow. However, before we even hit the system
    calloc(), we do our memory_limit_check, which involves a
    multiplication. Let's check for overflow ourselves so that
    this limit cannot be bypassed.
    Signed-off-by: default avatarJeff King <peff@peff.net>
    Signed-off-by: default avatarJunio C Hamano <gitster@pobox.com>
wrapper.c 15 KB