From: Nikolaus Rath <Nikolaus@rath.org>
Date: Fri, 11 May 2018 13:56:45 +0000 (+0100)
Subject: add_arg(): check for overflow
X-Git-Tag: fuse-3.2.3~1
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=44deb68ce1259e1c5c79de7c5d4b2b05d07cf82d;p=qemu-gpiodev%2Flibfuse.git

add_arg(): check for overflow

Fixes: #222.
---

diff --git a/util/mount.fuse.c b/util/mount.fuse.c
index 3f498db..169fe53 100644
--- a/util/mount.fuse.c
+++ b/util/mount.fuse.c
@@ -13,6 +13,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <errno.h>
+#include <stdint.h>
 
 static char *progname;
 
@@ -40,6 +41,10 @@ static void add_arg(char **cmdp, const char *opt)
 {
 	size_t optlen = strlen(opt);
 	size_t cmdlen = *cmdp ? strlen(*cmdp) : 0;
+	if (optlen >= (SIZE_MAX - cmdlen - 4)/4) {
+		fprintf(stderr, "%s: argument too long\n", progname);
+		exit(1);
+	}
 	char *cmd = xrealloc(*cmdp, cmdlen + optlen * 4 + 4);
 	char *s;
 	s = cmd + cmdlen;