mirror of https://github.com/projectatomic/bubblewrap.git synced 2026-02-05 15:45:22 +01:00

utils: Don't let ssize_t overflow when reading very large files

The size to be allocated is tracked as ssize_t, so if it's larger than
this, doubling it would cause a signed overflow.

Limiting the data we will read into memory to SSIZE_MAX/2 still lets it
occupy 25% of addressable memory (1 GiB on 32-bit or some very large
amount on 64-bit), which should be adequate. In practice we expect this
function to read a few KiB at most.

In practice we're likely to run out of memory before reaching this
point; changing this to SSIZE_MAX / 8, compiling as 32-bit and running
`${builddir}/bwrap --args 0 < /dev/zero` is a convenient way to test
this code path.

Fixes: 422c078e "Check for allocation size overflows"
Signed-off-by: Simon McVittie <smcv@collabora.com>
This commit is contained in:
Simon McVittie
2024-03-25 17:46:40 +00:00
parent 8653799bb6
commit b6bbba5ceb


@@ -19,6 +19,7 @@
#include "config.h"
#include "utils.h"
#include <limits.h>
#include <stdint.h>
#include <sys/syscall.h>
#include <sys/socket.h>
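Review bot: the `<limits.h>` include is required rather than incidental: SSIZE_MAX is a POSIX definition living in `<limits.h>`, while the already-present `<stdint.h>` only supplies SIZE_MAX, which is what the old check used. Worth stating in the commit body or a comment that the code now relies on a POSIX header for this constant.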
@@ -599,7 +600,7 @@ load_file_data (int fd,
{
if (data_len == data_read + 1)
{
if (data_len > SIZE_MAX / 2)
if (data_len > SSIZE_MAX / 2)
{
errno = EFBIG;
return NULL;
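Review bot: the reason for the SSIZE_MAX / 2 bound deserves a one-line comment next to the check, since the commit message explains it but the code does not: `data_len` is an `ssize_t`, and the doubling that the commit message says follows this check would be a signed overflow for any value above SSIZE_MAX / 2. Something like `/* data_len is ssize_t; doubling past this would overflow */` above the `if` would keep the rationale with the code. The bound itself is correct: the largest accepted `data_len` is SSIZE_MAX / 2, and doubling it yields at most SSIZE_MAX - 1.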