[CVE-2020-12762] Protect array_list_del_idx against size_t overflow.
91/286491/2 accepted/tizen/6.0/unified/20230116.012131 submit/tizen_6.0/20230112.235225
author Tobias Stoeckmann <tobias@stoeckmann.org>
Mon, 4 May 2020 17:41:16 +0000 (19:41 +0200)
committer DongHun Kwak <dh0128.kwak@samsung.com>
Mon, 9 Jan 2023 05:10:30 +0000 (14:10 +0900)
commit 254c8396c9d9548c8706b1273f9717122f560f2a
tree 3fa63878c84e9ed1f33610e857ee8f1b095724f3
parent 5a9b622dac3c8643272dd190c9f0ed0d1bc25911
[CVE-2020-12762] Protect array_list_del_idx against size_t overflow.

If the assignment of stop overflows due to idx and count being
larger than SIZE_T_MAX in sum, out of boundary access could happen.

It takes invalid usage of this function for this to happen, but
I decided to add this check so array_list_del_idx is as safe against
bad usage as the other arraylist functions.

Change-Id: Id003f52d4d21d150e2783c66df9220a112bc8ca4
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
arraylist.c
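
An added example, not part of the commit or of the project's code: a range check of the kind the commit message describes, shown with and without a guard against idx + count wrapping around. The demo_list type and all function names are hypothetical, and SIZE_MAX from <stdint.h> stands in for the SIZE_T_MAX named in the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical minimal list, constructed for this example. */
struct demo_list {
	int items[8];
	size_t length;
};

/* Range check without an overflow guard: idx + count can wrap around. */
static int range_ok_unchecked(const struct demo_list *l, size_t idx, size_t count)
{
	size_t stop = idx + count; /* unsigned arithmetic wraps modulo SIZE_MAX + 1 */
	return idx < l->length && stop <= l->length;
}

/* Same check, rejecting the request before the addition can wrap. */
static int range_ok_checked(const struct demo_list *l, size_t idx, size_t count)
{
	if (idx > SIZE_MAX - count)
		return 0;
	return range_ok_unchecked(l, idx, count);
}

/* Delete count items starting at idx; 0 on success, -1 on an invalid range. */
static int demo_del_idx(struct demo_list *l, size_t idx, size_t count)
{
	size_t stop;

	if (!range_ok_checked(l, idx, count))
		return -1;
	stop = idx + count;
	memmove(l->items + idx, l->items + stop,
	        (l->length - stop) * sizeof(l->items[0]));
	l->length -= count;
	return 0;
}

int main(void)
{
	struct demo_list l = { {10, 11, 12, 13, 14}, 5 }; /* constructed sample data */

	/* idx = 2, count = SIZE_MAX: stop wraps to 1, so the unguarded check passes. */
	int unguarded = range_ok_unchecked(&l, 2, SIZE_MAX);
	int guarded = range_ok_checked(&l, 2, SIZE_MAX);
	return !(unguarded == 1 && guarded == 0 && demo_del_idx(&l, 1, 2) == 0);
}
```

With the unguarded check, a later `length - stop` or `length -= count` would be computed from the wrapped value, which is where the out-of-bounds access comes from.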