mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2026-04-29 06:46:38 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

conf: avoid overflow in pw_strv_insert_at

Browse source 
Purely theoretical when there are a lot of arguments...
This commit is contained in:
Wim Taymans 2026-04-27 12:15:18 +02:00
parent 710414730d
commit fb4e148985
1 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/pipewire/conf.c
View file

@ -25,6 +25,7 @@
#endif #endif
#include <spa/utils/cleanup.h> #include <spa/utils/cleanup.h>
#include <spa/utils/overflow.h>
#include <spa/utils/result.h> #include <spa/utils/result.h>
#include <spa/utils/string.h> #include <spa/utils/string.h>
#include <spa/utils/json.h> #include <spa/utils/json.h>
@ -929,8 +930,10 @@ static char **pw_strv_insert_at(char **strv, int len, int pos, const char *str)
if (pos < 0 || pos > len) if (pos < 0 || pos > len)
pos = len; pos = len;
n = realloc(strv, sizeof(char*) * (len + 2)); size_t alloc_size;
if (n == NULL) { if (spa_overflow_add((size_t)len, (size_t)2, &alloc_size) ||
spa_overflow_mul(alloc_size, sizeof(char*), &alloc_size) ||
(n = realloc(strv, alloc_size)) == NULL) {
pw_free_strv(strv); pw_free_strv(strv);
return NULL; return NULL;
} }