From: Tobias Stoeckmann <[email protected]>

The values of file sizes and buffer sizes can exceed current limits.
Therefore, use proper variable types for these operations.
---
 src/RdFToBuf.c | 4 ++++
 src/WrFFrBuf.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/RdFToBuf.c b/src/RdFToBuf.c
index 7f8ebee..69e3347 100644
--- a/src/RdFToBuf.c
+++ b/src/RdFToBuf.c
@@ -89,6 +89,10 @@ XpmReadFileToBuffer(
        return XpmOpenFailed;
     }
     len = stats.st_size;
+    if (len < 0 || len >= SIZE_MAX) {
+       close(fd);
+       return XpmOpenFailed;
+    }
     ptr = (char *) XpmMalloc(len + 1);
     if (!ptr) {
        fclose(fp);
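Review bot: The new bail-out for `len < 0 || len >= SIZE_MAX` releases the file with `close(fd)`, while the next error path in the context lines uses `fclose(fp)`, which suggests the stdio stream already exists at this point. If so, closing only the descriptor leaks the `FILE` object on every oversized or invalid file, and the line should be `fclose(fp);`. The declaration of `len` is outside the hunk: the two comparisons only work as intended if it is a signed type at least as wide as `st_size`, since a narrower type would already have truncated the value in `len = stats.st_size`. `SIZE_MAX` also needs `<stdint.h>`, and no include is added here. The body of XpmReadFileToBuffer starts and ends outside the hunk.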
diff --git a/src/WrFFrBuf.c b/src/WrFFrBuf.c
index b80aa62..0e57cc8 100644
--- a/src/WrFFrBuf.c
+++ b/src/WrFFrBuf.c
@@ -44,7 +44,7 @@ XpmWriteFileFromBuffer(
     const char *filename,
     char       *buffer)
 {
-    int fcheck, len;
+    size_t fcheck, len;
     FILE *fp = fopen(filename, "w");
 
     if (!fp)
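Review bot: The switch of `fcheck` and `len` to `size_t` has no comment explaining it, and it changes the meaning of any later signed comparison on those variables. A short why-comment on the declaration would help, for example `/* size_t: buffer lengths above INT_MAX must not be truncated */`. The rest of XpmWriteFileFromBuffer is outside the hunk, so it is worth confirming that no remaining test has the form `fcheck < 0` or compares against a negative sentinel, because such a test would now be always false.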
-- 
2.11.0
