From 1bee7aa4a7d6590f882a61a29da16316ba27c600 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann
Date: Thu, 12 Sep 2024 20:36:47 +0200
Subject: [PATCH] cursor: Fix undefined behavior with huge names
If an index.theme contains a theme name which gets close to INT_MAX, then creation of full path can lead to a signed integer overflow, which is undefined behavior. Fix this by turning one of the values to size_t. Easy solution for a probably never occurring issue.
Signed-off-by: Tobias Stoeckmann
---
 cursor/xcursor.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cursor/xcursor.c b/cursor/xcursor.c
index 2b6c47d5..b852a1f9 100644
--- a/cursor/xcursor.c
+++ b/cursor/xcursor.c
@@ -571,7 +571,7 @@ xcursor_build_theme_dir(const char *dir, const char *theme)
 * add space for any needed directory separators, one per component,
 * and one for the trailing null
 */
- full_size = 1 + homelen + 1 + dirlen + 1 + themelen + 1;
+ full_size = (size_t) 1 + homelen + 1 + dirlen + 1 + themelen + 1;
 full = malloc(full_size);
 if (!full)
 return NULL;
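Review bot: The `(size_t) 1` cast on the `full_size` line is the only thing that moves the addition out of signed `int` arithmetic, and nothing there says so, so a later cleanup could drop it as a redundant cast. The existing comment above the sum could gain a line such as `* the size_t cast keeps the sum out of signed int arithmetic`. The commit message implies that `homelen`, `dirlen` and `themelen` are signed ints declared outside this hunk. If that is the case, a length above INT_MAX would already be truncated when it is stored, and a negative value would convert to a very large `size_t` here, so declaring the lengths as `size_t` would address the problem at its source. This should be confirmed against the declarations, since the body of `xcursor_build_theme_dir` starts and ends outside the hunk.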