Fix: Integer overflowed argument

Found by Coverity:

CID 1242317 (#1 of 2): Integer overflowed argument (INTEGER_OVERFLOW)25.
overflow_sink: Overflowed or truncated value (or a value computed from
an overflowed or truncated value) new_nbmem * 304UL used as critical
argument to function.

CID 1242317 (#2 of 2): Integer overflowed argument (INTEGER_OVERFLOW)27.
overflow_sink: Overflowed or truncated value (or a value computed from
an overflowed or truncated value) (new_nbmem - nbmem) * 304UL used as
critical argument to function.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>

diff --git a/src/bin/lttng-sessiond/syscall.c b/src/bin/lttng-sessiond/syscall.c
index d5db529324fc238419e78e8f66d5693eb418fee1..7db510936ead56454b8a94a91317cc254f920806 100644 (file)
--- a/src/bin/lttng-sessiond/syscall.c
+++ b/src/bin/lttng-sessiond/syscall.c
@@ -82,7 +82,7 @@ int syscall_init_table(void)
 
                        /* Double memory size. */
                        new_nbmem = max(index, nbmem << 1);
-                       if (new_nbmem < nbmem) {
+                       if (new_nbmem > (SIZE_MAX / sizeof(*new_list))) {
                                /* Overflow, stop everything, something went really wrong. */
                                ERR("Syscall listing memory size overflow. Stopping");
                                free(syscall_table);