Add check for integer overflow in odr_write YAZ-816

author Adam Dickmeiss <adam@indexdata.dk>

Wed, 28 Jan 2015 13:32:34 +0000 (14:32 +0100)

committer Adam Dickmeiss <adam@indexdata.dk>

Wed, 28 Jan 2015 13:32:34 +0000 (14:32 +0100)
author Adam Dickmeiss <adam@indexdata.dk>
Wed, 28 Jan 2015 13:32:34 +0000 (14:32 +0100)
committer Adam Dickmeiss <adam@indexdata.dk>
Wed, 28 Jan 2015 13:32:34 +0000 (14:32 +0100)
diff --git a/src/odr_mem.c b/src/odr_mem.c

index 71a10e1..9d502df 100644 (file)
--- a/src/odr_mem.c
+++ b/src/odr_mem.c
@@ -10,6 +10,7 @@
  #include <config.h>
  #endif
  
+#include <limits.h>
  #include <stdlib.h>
  #include "odr-priv.h"
  #include <yaz/xmalloc.h>
@@ -96,6 +97,11 @@ int odr_grow_block(ODR b, int min_bytes)
  
  int odr_write(ODR o, const char *buf, int bytes)
  {
+    if (bytes < 0 || o->op->pos > INT_MAX - bytes)
+    {
+        odr_seterror(o, OSPACE, 40);
+        return -1;
+    }
      if (o->op->pos + bytes >= o->op->size && odr_grow_block(o, bytes))
      {
          odr_seterror(o, OSPACE, 40);
author	Adam Dickmeiss <adam@indexdata.dk>
	Wed, 28 Jan 2015 13:32:34 +0000 (14:32 +0100)
committer	Adam Dickmeiss <adam@indexdata.dk>
	Wed, 28 Jan 2015 13:32:34 +0000 (14:32 +0100)