Fix: Integer overflowed argument
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Tue, 17 May 2016 13:11:39 +0000 (09:11 -0400)
committerJérémie Galarneau <jeremie.galarneau@efficios.com>
Thu, 19 May 2016 05:38:34 +0000 (01:38 -0400)
Found by Coverity:

CID 1242317 (#1 of 2): Integer overflowed argument (INTEGER_OVERFLOW)25.
overflow_sink: Overflowed or truncated value (or a value computed from
an overflowed or truncated value) new_nbmem * 304UL used as critical
argument to function.

CID 1242317 (#2 of 2): Integer overflowed argument (INTEGER_OVERFLOW)27.
overflow_sink: Overflowed or truncated value (or a value computed from
an overflowed or truncated value) (new_nbmem - nbmem) * 304UL used as
critical argument to function.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
src/bin/lttng-sessiond/syscall.c

index a994da52bbda8460b9e138e0426827e98531a629..b5525640a393afb35836a2d3d21c1e55b0e36118 100644 (file)
@@ -82,7 +82,7 @@ int syscall_init_table(void)
 
                        /* Double memory size. */
                        new_nbmem = max(index, nbmem << 1);
-                       if (new_nbmem < nbmem) {
+                       if (new_nbmem > (SIZE_MAX / sizeof(*new_list))) {
                                /* Overflow, stop everything, something went really wrong. */
                                ERR("Syscall listing memory size overflow. Stopping");
                                free(syscall_table);
This page took 0.02532 seconds and 4 git commands to generate.