diff options
| author | Leah Rowe <leah@libreboot.org> | 2026-03-26 09:04:30 +0000 |
|---|---|---|
| committer | Leah Rowe <leah@libreboot.org> | 2026-03-26 09:04:30 +0000 |
| commit | 8e8f7bced44c5f61e390e81d8a84a93099358453 (patch) | |
| tree | 4c193fc3dd9a4a3e14bb8ec1037d0123dba64aee /util/libreboot-utils | |
| parent | d6087901c107d45123a57d5fc905314aac7969c7 (diff) | |
mkhtemp rand: fix theoretical integer overflow
extremely theoretical, with a T. T for theoretical.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'util/libreboot-utils')
| -rw-r--r-- | util/libreboot-utils/lib/rand.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/util/libreboot-utils/lib/rand.c b/util/libreboot-utils/lib/rand.c index 3b20ab65..63cb3fcd 100644 --- a/util/libreboot-utils/lib/rand.c +++ b/util/libreboot-utils/lib/rand.c @@ -126,7 +126,7 @@ mkrstr(size_t n) /* emulates spkmodem-decode */ if (n == 0) err_no_cleanup(0, EPERM, "mkrbuf: zero-byte request"); - if (n == SIZE_MAX) + if (n >= SIZE_MAX - 1) err_no_cleanup(0, EOVERFLOW, "mkrbuf: overflow"); if (if_err((s = mkrbuf(n + 1)) == NULL, EFAULT)) @@ -149,6 +149,9 @@ mkrbuf(size_t n) if (n == 0) err_no_cleanup(0, EPERM, "mkrbuf: zero-byte request"); + if (n >= SIZE_MAX - 1) + err_no_cleanup(0, EOVERFLOW, "integer overflow in mkrbuf"); + if ((buf = malloc(n)) == NULL) err_no_cleanup(0, ENOMEM, "mkrbuf: malloc"); |