diff --git a/src/arena.c b/src/arena.c
index 7ca9a04..54a96f6 100644
--- a/src/arena.c
+++ b/src/arena.c
@@ -120,6 +120,13 @@ void *Arena_calloc(T arena, long count, long nbytes,
 void *ptr;
 
 assert(count > 0);
+ /* Check for integer overflow in count*nbytes */
+ if (nbytes > 0 && count > LONG_MAX / nbytes) {
+ if (file == NULL)
+ RAISE(Arena_Failed);
+ else
+ Except_raise(&Arena_Failed, file, line);
+ }
 ptr = Arena_alloc(arena, count*nbytes, file, line);
 memset(ptr, '\0', count*nbytes);
 return ptr;
diff --git a/src/array.c b/src/array.c
index 938eec2..105050c 100644
--- a/src/array.c
+++ b/src/array.c
@@ -59,10 +59,15 @@ void Array_resize(T array, int length) {
 assert(length >= 0);
 if (length == 0)
 FREE(array->array);
- else if (array->length == 0)
+ else if (array->length == 0) {
+ /* Check for integer overflow */
+ assert(length <= INT_MAX / array->size);
 array->array = ALLOC(length*array->size);
- else
+ } else {
+ /* Check for integer overflow */
+ assert(length <= INT_MAX / array->size);
 RESIZE(array->array, length*array->size);
+ }
 array->length = length;
 }
 T Array_copy(T array, int length) {
@@ -71,12 +76,17 @@ T Array_copy(T array, int length) {
 assert(length >= 0);
 copy = Array_new(length, array->size);
 if (copy->length >= array->length
- && array->length > 0)
+ && array->length > 0) {
+ /* Check for integer overflow - should be safe if Array_new succeeded */
+ assert(array->length <= INT_MAX / array->size);
 memcpy(copy->array, array->array,
 array->length*array->size);
- else if (array->length > copy->length
- && copy->length > 0)
+ } else if (array->length > copy->length
+ && copy->length > 0) {
+ /* Check for integer overflow - should be safe if Array_new succeeded */
+ assert(copy->length <= INT_MAX / array->size);
 memcpy(copy->array, array->array,
 copy->length*array->size);
+ }
 return copy;
 }
diff --git a/src/text.c b/src/text.c
index 579bc06..9905531 100644
--- a/src/text.c
+++ b/src/text.c
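Review bot: `LONG_MAX` on the added `if (nbytes > 0 && count > LONG_MAX / nbytes)` line requires `<limits.h>`, and the diff adds no include to arena.c, so unless the file already pulls that header in the hunk does not compile; the same question applies to `INT_MAX` in the array.c and text.c hunks. The guard is skipped entirely when `nbytes <= 0`, which is presumably rejected later by `Arena_alloc`'s own argument checks; if not, an explicit `assert(nbytes > 0);` next to the existing `assert(count > 0);` would close that gap and document the contract. Raising `Arena_Failed` for an overflowing size also conflates an out-of-memory condition with a caller error, while the sibling hunks in this commit use `assert` for the same class of check, so one convention should be chosen for the whole change. The Arena_calloc signature and the blank-line/declaration prologue lie above the hunk.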
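Review bot: The new overflow guards in Array_resize, `assert(length <= INT_MAX / array->size);` in both branches, disappear under `NDEBUG` if `assert` here is the standard macro or a project macro that honours it, so release builds would still compute `length*array->size` unchecked before passing it to `ALLOC`/`RESIZE`; the arena.c hunk uses a runtime `if` for the same purpose, and the two approaches should match. The same concern applies to the two asserts added in the Array_copy hunk and the one in the Text_dup hunk. In Array_resize the identical check appears in both the `ALLOC` and `RESIZE` branches; since it is trivially true for `length == 0`, it can be hoisted to a single line directly after the existing `assert(length >= 0);`, which also removes the added braces. The division presumes `array->size` is non-zero, which is presumably enforced where the array is created; a word about that in the `/* Check for integer overflow */` comment would help the next reader. The opening lines of Array_resize are above the hunk.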
@@ -108,6 +108,8 @@ T Text_dup(T s, int n) {
 {
 T text;
 char *p;
+ /* Check for integer overflow in n*s.len */
+ assert(s.len == 0 || n <= INT_MAX / s.len);
 text.len = n*s.len;
 if (isatend(s, text.len - s.len)) {
 text.str = s.str;