Commit f1077b7a authored by Committed by Craig SmallBrowse files
proc/alloc.*: Use size_t, not unsigned int.
Otherwise this can truncate sizes on 64-bit platforms, and is one of the reasons the integer overflows in file2strvec() are exploitable at all. Also: catch potential integer overflow in xstrdup() (should never happen, but better safe than sorry), and use memcpy() instead of strcpy() (faster). Warnings: - in glibc, realloc(ptr, 0) is equivalent to free(ptr), but not here, because of the ++size; - here, xstrdup() can return NULL (if str is NULL), which goes against the idea of the xalloc wrappers. We were tempted to call exit() or xerrx() in those cases, but decided against it, because it might break things in unexpected places; TODO?
Showing with 14 additions and 10 deletions