File 0100-check_length_sanity.patch of Package sblim-sfcb
Index: indCIMXMLExport.c
===================================================================
RCS file: /cvsroot/sblim/sfcb/indCIMXMLExport.c,v
retrieving revision 1.12
diff -u -p -r1.12 indCIMXMLExport.c
--- indCIMXMLExport.c 9 Oct 2008 19:18:18 -0000 1.12
+++ indCIMXMLExport.c 17 Oct 2008 20:16:40 -0000
@@ -130,7 +130,13 @@ static void initializeHeaders(CurlData *
static size_t writeCb(void *ptr, size_t size, size_t nmemb, void *stream)
{
UtilStringBuffer *sb = (UtilStringBuffer*)stream;
- int length = size * nmemb;
+ unsigned int length = 0;
+ unsigned long long calcLength = (unsigned long)size * nmemb;
+ if(calcLength > UINT_MAX) {
+ mlogf(M_ERROR, M_SHOW, "--- Cannot allocate for %d members of size $d\n", nmemb, size);
+ return 0;
+ }
+ length = calcLength & UINT_MAX;
char c=((char*)ptr)[length];
((char*)ptr)[length]=0;
sb->ft->appendChars(sb,(char*)ptr);
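Review bot: The overflow guard added to writeCb has no effect where `unsigned long` is 32 bits, because `(unsigned long)size * nmemb` is multiplied at that width and wraps before it is widened to `unsigned long long`, so `calcLength > UINT_MAX` can never be true there. A division-based test does not depend on type widths: `if (nmemb != 0 && size > UINT_MAX / nmemb) {`, followed by `length = (unsigned int)(size * nmemb);`. The log format is also wrong, since `$d` is printed literally and `%d` is handed a `size_t`; assuming mlogf is printf-style, it should read `"--- Cannot allocate for %zu members of size %zu\n"`. Separately, the unchanged lines after the check still read and write `((char*)ptr)[length]`, one byte past the `size * nmemb` bytes passed to the callback, which is worth confirming against the transfer library's buffer guarantees. The function body continues outside the hunk.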