hivex: fail upon integer overflow

author Jim Meyering <jim@meyering.net>

Tue, 3 Nov 2009 17:55:21 +0000 (18:55 +0100)

committer Richard Jones <rjones@redhat.com>

Wed, 4 Nov 2009 11:36:59 +0000 (11:36 +0000)
author Jim Meyering <jim@meyering.net>
Tue, 3 Nov 2009 17:55:21 +0000 (18:55 +0100)
committer Richard Jones <rjones@redhat.com>
Wed, 4 Nov 2009 11:36:59 +0000 (11:36 +0000)
diff --git a/hivex/hivex.c b/hivex/hivex.c

index 4fa3b30..ac46346 100644 (file)
--- a/hivex/hivex.c
+++ b/hivex/hivex.c
@@ -1033,9 +1033,12 @@ windows_utf16_to_utf8 (/* const */ char *input, size_t len)
    size_t r = iconv (ic, &inp, &inlen, &outp, &outlen);
    if (r == (size_t) -1) {
      if (errno == E2BIG) {
    size_t r = iconv (ic, &inp, &inlen, &outp, &outlen);
    if (r == (size_t) -1) {
      if (errno == E2BIG) {
+      size_t prev = outalloc;
        /* Try again with a larger output buffer. */
        free (out);
        outalloc *= 2;
        /* Try again with a larger output buffer. */
        free (out);
        outalloc *= 2;
+      if (outalloc < prev)
+        return NULL;
        goto again;
      }
      else {
        goto again;
      }
      else {
author	Jim Meyering <jim@meyering.net>
	Tue, 3 Nov 2009 17:55:21 +0000 (18:55 +0100)
committer	Richard Jones <rjones@redhat.com>
	Wed, 4 Nov 2009 11:36:59 +0000 (11:36 +0000)