hivex: fail upon integer overflow
authorJim Meyering <jim@meyering.net>
Tue, 3 Nov 2009 17:55:21 +0000 (18:55 +0100)
committerRichard Jones <rjones@redhat.com>
Fri, 19 Feb 2010 14:47:38 +0000 (14:47 +0000)
* hivex/hivex.c (windows_utf16_to_utf8): Avoid overflow and a
potential infloop.

hivex/hivex.c

index 4fa3b30..ac46346 100644 (file)
@@ -1033,9 +1033,12 @@ windows_utf16_to_utf8 (/* const */ char *input, size_t len)
   size_t r = iconv (ic, &inp, &inlen, &outp, &outlen);
   if (r == (size_t) -1) {
     if (errno == E2BIG) {
+      size_t prev = outalloc;
       /* Try again with a larger output buffer. */
       free (out);
       outalloc *= 2;
+      if (outalloc < prev)
+        return NULL;
       goto again;
     }
     else {