Fix: Integer overflowed argument
author Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Tue, 17 May 2016 13:11:39 +0000 (09:11 -0400)
committer Jérémie Galarneau <jeremie.galarneau@efficios.com>
Fri, 20 May 2016 19:15:03 +0000 (15:15 -0400)

Found by Coverity:

CID 1242317 (#1 of 2): Integer overflowed argument (INTEGER_OVERFLOW)25.
overflow_sink: Overflowed or truncated value (or a value computed from
an overflowed or truncated value) new_nbmem * 304UL used as critical
argument to function.

CID 1242317 (#2 of 2): Integer overflowed argument (INTEGER_OVERFLOW)27.
overflow_sink: Overflowed or truncated value (or a value computed from
an overflowed or truncated value) (new_nbmem - nbmem) * 304UL used as
critical argument to function.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
src/bin/lttng-sessiond/syscall.c

index 899964521ff2e81adc2e65c80a39fc7d4f875e7f..096f008f9656507a996ca8135b443fbc92c72b15 100644 (file)
@@ -83,7 +83,7 @@ int syscall_init_table(void)
 
                        /* Double memory size. */
                        new_nbmem = max(index, nbmem << 1);
-                       if (new_nbmem < nbmem) {
+                       if (new_nbmem > (SIZE_MAX / sizeof(*new_list))) {
                                /* Overflow, stop everything, something went really wrong. */
                                ERR("Syscall listing memory size overflow. Stopping");
                                free(syscall_table);
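
Review bot: The rewritten `if` condition drops the `new_nbmem < nbmem` test, yet the second Coverity report in the commit message concerns `(new_nbmem - nbmem) * 304UL`, which is only safe when `new_nbmem >= nbmem`. The new bound `new_nbmem > (SIZE_MAX / sizeof(*new_list))` covers the multiplication itself, but `nbmem << 1` on the line above can still wrap before `max()` is applied, so consider keeping both tests: `if (new_nbmem < nbmem || new_nbmem > (SIZE_MAX / sizeof(*new_list)))`. The hunk also does not show `<stdint.h>` being included for `SIZE_MAX`; worth confirming this file already pulls it in.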