From 83752435cf52da3bdcaf7f717922076f97d90bd5 Mon Sep 17 00:00:00 2001 From: "Carsten Haitzler (Rasterman)" Date: Sat, 6 Aug 2016 15:53:18 +0900 Subject: [PATCH] eina log - handle possible overflow from high mem (last few bytes) or env fixes CID 1361219 if you had an env var a few gb in size or we had stuff in the last bit of memory address space this might be an issue, but that won't happen. @fix --- src/lib/eina/eina_log.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/lib/eina/eina_log.c b/src/lib/eina/eina_log.c index c08f93c..65bfbb8 100644 --- a/src/lib/eina/eina_log.c +++ b/src/lib/eina/eina_log.c @@ -1021,9 +1021,12 @@ eina_log_domain_parse_pending_globs(void) level = strtol((char *)(end + 1), &tmp, 10); if (tmp == (end + 1)) goto parse_end; - + // If the name of the log is more than 64k it's silly so give up + // as it's pointless and in theory could overflow pointer + if ((end - start) > 0xffff) + break; // Parse name - p = malloc(sizeof(Eina_Log_Domain_Level_Pending) + end - start + 1); + p = malloc(sizeof(Eina_Log_Domain_Level_Pending) + (end - start) + 1); if (!p) break; -- 2.7.4