Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2025-02-01 19:23:04 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

Fix overflow in lev path #diff (#18497)

Browse Source
This commit is contained in:
Dennis Goodlett 2021-03-19 16:37:22 -04:00 committed by GitHub
parent efcb2c927f
commit 51c5317b49
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
libr/util/udiff.c
View File

@ -146,31 +146,28 @@ static st32 lev_parse_matrix(Levrow *matrix, ut32 len, bool invert, RLevOp **chg
row->changes = NULL;
row = prev_row--;
}
if (j > 0) {
if (j >= size) {
if (size >= overflow) {
// overflow paranoia
free (changes);
return -1;
}
size = 2 * size - j;
RLevOp *tmp = realloc (changes, size * sizeof (RLevOp));
if (!tmp) {
free (changes);
return -1;
}
changes = tmp;
if (size - insert < j) {
if (size > overflow) {
// overly paranoid
free (changes);
return -1;
}
while (j > 0) {
changes[insert++] = a;
j--;
size += j - (size - insert);
RLevOp *tmp = realloc (changes, size * sizeof (RLevOp));
if (!tmp) {
free (changes);
return -1;
}
changes = tmp;
}
while (j > 0) {
changes[insert++] = a;
j--;
}
*chgs = changes;
return insert;
}
#undef lev_set_op
static inline void lev_fill_changes(RLevOp *chgs, RLevOp op, ut32 count) {
while (count > 0) {