fixes CID 1361220
in theory yes end minus start could be insanely huge or end be very
high in memory thus causing an overflow. this would have to be in the
last few bytes of memory space, so it never going to happen. and the
input from the env var has to be sane anyway as its user controlled.
@fix
level = strtol((char *)(end + 1), &tmp, 10);
if (tmp == (end + 1))
goto parse_end;
-
+ // If the name of the log is more than 64k it's silly so give up
+ // as it's pointless and in theory could overflow pointer
+ if ((end - start) > 0xffff)
+ break;
// Parse name
- p = malloc(sizeof(Eina_Log_Domain_Level_Pending) + end - start + 1);
+ p = malloc(sizeof(Eina_Log_Domain_Level_Pending) + (end - start) + 1);
if (!p)
break;