From ef642eb4e3bb278b5df14fbcf30403e3d30dcef3 Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Tue, 3 Nov 2009 18:55:21 +0100 Subject: [PATCH] hivex: fail upon integer overflow * hivex/hivex.c (windows_utf16_to_utf8): Avoid overflow and a potential infloop. --- hivex/hivex.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hivex/hivex.c b/hivex/hivex.c index 4fa3b30..ac46346 100644 --- a/hivex/hivex.c +++ b/hivex/hivex.c @@ -1033,9 +1033,12 @@ windows_utf16_to_utf8 (/* const */ char *input, size_t len) size_t r = iconv (ic, &inp, &inlen, &outp, &outlen); if (r == (size_t) -1) { if (errno == E2BIG) { + size_t prev = outalloc; /* Try again with a larger output buffer. */ free (out); outalloc *= 2; + if (outalloc < prev) + return NULL; goto again; } else { -- 1.8.3.1