Date: Thu, 6 Nov 2025 07:13:02 GMT From: Xin LI <delphij@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: c23a589aa145 - stable/14 - cron: Use reallocarray() to prevent integer overflow Message-ID: <202511060713.5A67D2L3002816@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch stable/14 has been updated by delphij: URL: https://cgit.FreeBSD.org/src/commit/?id=c23a589aa145d2f14e7141601fec1b38bce9a6bd commit c23a589aa145d2f14e7141601fec1b38bce9a6bd Author: Xin LI <delphij@FreeBSD.org> AuthorDate: 2025-11-03 05:59:46 +0000 Commit: Xin LI <delphij@FreeBSD.org> CommitDate: 2025-11-06 07:12:52 +0000 cron: Use reallocarray() to prevent integer overflow Apply OpenBSD env.c,v 1.24 and 1.25, which replaces manual size calculations with reallocarray() to prevent possible integer overflow. (cherry picked from commit 40d21618382108fefa84f8576b14302f65452718) --- usr.sbin/cron/lib/env.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/usr.sbin/cron/lib/env.c b/usr.sbin/cron/lib/env.c index 36c5fca12117..b4dcf4ac5325 100644 --- a/usr.sbin/cron/lib/env.c +++ b/usr.sbin/cron/lib/env.c @@ -58,7 +58,7 @@ env_copy(char **envp) for (count = 0; envp[count] != NULL; count++) ; - p = (char **) malloc((count+1) * sizeof(char *)); /* 1 for the NULL */ + p = (char **) reallocarray(NULL, count+1, sizeof(char *)); /* 1 for the NULL */ if (p == NULL) { errno = ENOMEM; return NULL; @@ -115,8 +115,7 @@ env_set(char **envp, char *envstr) * one, save our string over the old null pointer, and return resized * array. */ - p = (char **) realloc((void *) envp, - (unsigned) ((count+1) * sizeof(char *))); + p = (char **) reallocarray(envp, count+1, sizeof(char *)); if (p == NULL) { /* XXX env_free(envp); */ errno = ENOMEM;help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202511060713.5A67D2L3002816>