From: Adam Dickmeiss
Date: Wed, 28 Jan 2015 13:32:34 +0000 (+0100)
Subject: Add check for integer overflow in odr_write YAZ-816
X-Git-Tag: v5.9.0~3
X-Git-Url: http://jsfdemo.indexdata.com/cgi-bin?a=commitdiff_plain;h=ffc8ea2eb23fe8c74fbeb96d05b31c477767923f;p=yaz-moved-to-github.git
Add check for integer overflow in odr_write YAZ-816
---
diff --git a/src/odr_mem.c b/src/odr_mem.c
index 71a10e1..9d502df 100644
--- a/src/odr_mem.c
+++ b/src/odr_mem.c
@@ -10,6 +10,7 @@
 #include
 #endif
+#include
 #include
 #include "odr-priv.h"
 #include
@@ -96,6 +97,11 @@ int odr_grow_block(ODR b, int min_bytes)
 int odr_write(ODR o, const char *buf, int bytes)
 {
+ if (bytes < 0 || o->op->pos > INT_MAX - bytes)
+ {
+ odr_seterror(o, OSPACE, 40);
+ return -1;
+ }
 if (o->op->pos + bytes >= o->op->size && odr_grow_block(o, bytes))
 {
 odr_seterror(o, OSPACE, 40);
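Review bot: The new guard in odr_write bounds only the `o->op->pos + bytes` addition on the line after it; the size arithmetic inside `odr_grow_block(o, bytes)`, which the hunk header names but does not show, is presumably also done in `int` and would need its own upper bound before the buffer size is increased, so it is worth confirming that in the same change. The check also relies on `o->op->pos` being a non-negative `int`, which cannot be verified from these lines. Both failure paths report `odr_seterror(o, OSPACE, 40)`, so a rejected length and a failed grow look identical to the caller, and a comment above the check such as `/* reject before adding: signed overflow in pos + bytes is undefined */` would record why the test must come before the addition rather than after it. odr_write's body continues past the end of the hunk.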