cuberite/libevent
1
0
Fork 0
mirror of https://github.com/cuberite/libevent.git synced 2025-09-15 07:15:03 -04:00
Code Issues Packages Projects Releases Wiki Activity

Prevent integer overflow in kq_build_changes_list.

Browse Source 
On amd64 systems with kqueue (e.g. *BSD systems) an integer overflow
could be triggered with an excessively huge amount of events.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
(cherry picked from commit cf8acae36a580935c42228f3d30f3e96c8a3ef59)
This commit is contained in:
Tobias Stoeckmann 2019-05-07 20:53:17 +02:00 committed by Azat Khuzhin
parent 5410388342
commit 43a55a2380
No known key found for this signature in database
GPG Key ID: B86086848EF8686D
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
kqueue.c
View File

@ -62,6 +62,7 @@
#include "log-internal.h" #include "log-internal.h"
#include "evmap-internal.h" #include "evmap-internal.h"
#include "event2/thread.h" #include "event2/thread.h"
#include "event2/util.h"
#include "evthread-internal.h" #include "evthread-internal.h"
#include "changelist-internal.h" #include "changelist-internal.h"
@ -210,6 +211,12 @@ kq_build_changes_list(const struct event_changelist *changelist,
int newsize = kqop->changes_size * 2; int newsize = kqop->changes_size * 2;
struct kevent *newchanges; struct kevent *newchanges;
if (newsize < 0 || (size_t)newsize >
EV_SIZE_MAX / sizeof(struct kevent)) {
event_warnx("%s: int overflow", __func__);
return (-1);
}
newchanges = mm_realloc(kqop->changes, newchanges = mm_realloc(kqop->changes,
newsize * sizeof(struct kevent)); newsize * sizeof(struct kevent));
if (newchanges == NULL) { if (newchanges == NULL) {