author | Peter Hutterer <peter.hutterer@who-t.net> | 2018-06-20 09:34:30 +1000 |
---|---|---|
committer | Peter Hutterer <peter.hutterer@who-t.net> | 2018-06-20 11:41:48 +1000 |
commit | 793c8d51e871252e03fd6aac79d1bf6fd4f717d3 (patch) | |
tree | 14655f38d1d7a9a9ef479860565aef493bb5e974 | |
parent | 4203ab52bfd249a50bbfa305bb48f4b42e73a714 (diff) |
util: abort if we try to allocate more than a MB
The ssize_t cast upsets coverity for some reason but we can be a lot more
restrictive here anyway. Quick analysis of the zalloc calls in the test suite
show the largest allocation is 9204 bytes.
Let's put a cap on for one MB, anything above that is likely some memory
corruption and should be caught early.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Matheus Santana <embs@cin.ufpe.br>
-rw-r--r-- | src/libinput-util.h | 4 | ||||
-rw-r--r-- | test/litest-selftest.c | 15 |
2 files changed, 18 insertions, 1 deletions
diff --git a/src/libinput-util.h b/src/libinput-util.h
index 8c67dcbd..4f60e8ea 100644
--- a/src/libinput-util.h
+++ b/src/libinput-util.h
@@ -142,7 +142,9 @@ zalloc(size_t size)
 {
 void *p;
- if ((ssize_t)size < 0)
+ /* We never need to alloc anything even near one MB so we can assume
+ * if we ever get above that something's going wrong */
+ if (size > 1024 * 1024)
 abort();
 p = calloc(1, size);
diff --git a/test/litest-selftest.c b/test/litest-selftest.c
index 72bdabac..8ea3ece3 100644
--- a/test/litest-selftest.c
+++ b/test/litest-selftest.c
@@ -350,6 +350,19 @@ START_TEST(zalloc_overflow)
 }
 END_TEST
+START_TEST(zalloc_max_size)
+{
+ /* Built-in alloc maximum */
+ free(zalloc(1024 * 1024));
+}
+END_TEST
+
+START_TEST(zalloc_too_large)
+{
+ zalloc(1024 * 1024 + 1);
+}
+END_TEST
+
 static Suite *
 litest_assert_macros_suite(void)
 {
@@ -415,7 +428,9 @@ litest_assert_macros_suite(void)
 suite_add_tcase(s, tc);
 tc = tcase_create("zalloc ");
+ tcase_add_test(tc, zalloc_max_size);
 tcase_add_test_raise_signal(tc, zalloc_overflow, SIGABRT);
+ tcase_add_test_raise_signal(tc, zalloc_too_large, SIGABRT);
 suite_add_tcase(s, tc);
 return s; |
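Review bot: The new cap in zalloc() bounds only the final byte count, so a caller that computes `count * sizeof(elem)` and wraps around to a value at or below one MB still receives a buffer that is too small; `calloc(1, size)` cannot detect this because the multiplication happens before the call. The call sites are not visible here, so this may not occur in practice, but the comment above the check could state the limit of the guard, e.g. `/* Callers must check count * size for overflow themselves; this cap only catches sizes that are already implausibly large. */`. The literal `1024 * 1024` is also repeated in the two new tests in test/litest-selftest.c; a named constant in this header would keep the check and the tests in step. zalloc()'s body continues outside the hunk.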
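Review bot: zalloc_too_large has no comment saying that returning from `zalloc(1024 * 1024 + 1)` is the failure case; the SIGABRT expectation is stated only where the test is registered in litest_assert_macros_suite(), in a later hunk. A one-line comment above the call, such as `/* One byte over the cap: zalloc() must abort(), see the SIGABRT registration in the suite */`, would make the test readable on its own. litest_assert_macros_suite() begins at the end of this hunk and continues outside it.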