Handle overflowed cases for buffer allocation 61/307361/2
authorSung-hun Kim <sfoon.kim@samsung.com>
Thu, 7 Mar 2024 10:17:10 +0000 (19:17 +0900)
committerSung-hun Kim <sfoon.kim@samsung.com>
Fri, 8 Mar 2024 02:06:44 +0000 (11:06 +0900)
This patch fixes a svace issue (wgid: 698073).

Change-Id: I0e85a1934dfbf685d8db7b14c6c74e3d19e0fe81
Signed-off-by: Sung-hun Kim <sfoon.kim@samsung.com>
src/crash-stack/proc.c

index 62bb548..919423c 100644 (file)
@@ -157,7 +157,17 @@ struct mem_map *create_maps(int pid)
 
         total_read = strlen(buf);
         if ((total_read + 1) == capacity) {
-            capacity *= 2;
+            if (capacity == SIZE_MAX) {
+                _E("Buffer cannot exceed SIZE_MAX");
+                mem_map_destroy(map);
+                map = NULL;
+                goto create_maps_end;
+            } else if (capacity > (SIZE_MAX >> 1)) {
+                /* can be overflowed */
+                capacity = SIZE_MAX;
+            } else {
+                capacity *= 2;
+            }
             buf = realloc(buf, capacity);
             if (buf == NULL) {
                 _E("Unable to reallocate memory: %m");
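Review bot: The `else if (capacity > (SIZE_MAX >> 1))` branch clamps `capacity` to `SIZE_MAX`, but the `realloc(buf, capacity)` that follows cannot realistically satisfy a request of that size, so the new `capacity == SIZE_MAX` branch is in practice never reached and the overflow case ends in the generic "Unable to reallocate memory" path. It would be simpler to fail as soon as doubling would overflow, using `if (capacity > SIZE_MAX / 2) {` as the single guard in front of the existing `_E(...)` / `mem_map_destroy(map)` / `goto create_maps_end` body. Better still, compare against a project-chosen upper bound for this buffer rather than `SIZE_MAX`, since its size appears to follow the data read for the target pid. Separately, the context line `buf = realloc(buf, capacity);` overwrites the only visible pointer to the old block, so a failed realloc leaks it; assigning to a temporary first (`void *tmp = realloc(buf, capacity);`, then `buf = tmp;` only on success) keeps the old buffer freeable. Whether `create_maps_end` frees `buf` on the new error path is not visible here, because `create_maps` starts and ends outside the hunk.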