authorPeter Hutterer <peter.hutterer@who-t.net>2018-06-20 09:34:30 +1000
committerPeter Hutterer <peter.hutterer@who-t.net>2018-06-20 11:41:48 +1000
commit793c8d51e871252e03fd6aac79d1bf6fd4f717d3 (patch)
tree14655f38d1d7a9a9ef479860565aef493bb5e974
parent4203ab52bfd249a50bbfa305bb48f4b42e73a714 (diff)
util: abort if we try to allocate more than a MB
The ssize_t cast upsets coverity for some reason but we can be a lot more restrictive here anyway. Quick analysis of the zalloc calls in the test suite shows the largest allocation is 9204 bytes. Let's put a cap on for one MB, anything above that is likely some memory corruption and should be caught early. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by: Matheus Santana <embs@cin.ufpe.br>
-rw-r--r--src/libinput-util.h4
-rw-r--r--test/litest-selftest.c15
2 files changed, 18 insertions, 1 deletions
diff --git a/src/libinput-util.h b/src/libinput-util.h
index 8c67dcbd..4f60e8ea 100644
--- a/src/libinput-util.h
+++ b/src/libinput-util.h
@@ -142,7 +142,9 @@ zalloc(size_t size)
{
void *p;
- if ((ssize_t)size < 0)
+ /* We never need to alloc anything even near one MB so we can assume
+ * if we ever get above that something's going wrong */
+ if (size > 1024 * 1024)
abort();
p = calloc(1, size);
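Review bot: The cap in `if (size > 1024 * 1024)` is a bare literal that the new tests in test/litest-selftest.c repeat as `1024 * 1024` and `1024 * 1024 + 1`, so the limit and its tests can drift apart; one named constant in this header (name to be chosen by the project, for example `#define ZALLOC_MAX_SIZE (1024 * 1024)`) would keep them in step. The comment could also say that the bound is inclusive and that abort() is a deliberate fail-fast, e.g. `/* Sizes up to and including one MB are allowed; anything larger is presumed to be a corrupted or overflowed size and aborts */`. The check only sees the final value, so a count-times-size product that wraps to something below the cap would still pass; any such callers (none are visible here) need their own overflow check. zalloc's body continues outside the hunk.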
diff --git a/test/litest-selftest.c b/test/litest-selftest.c
index 72bdabac..8ea3ece3 100644
--- a/test/litest-selftest.c
+++ b/test/litest-selftest.c
@@ -350,6 +350,19 @@ START_TEST(zalloc_overflow)
}
END_TEST
+START_TEST(zalloc_max_size)
+{
+ /* Built-in alloc maximum */
+ free(zalloc(1024 * 1024));
+}
+END_TEST
+
+START_TEST(zalloc_too_large)
+{
+ zalloc(1024 * 1024 + 1);
+}
+END_TEST
+
static Suite *
litest_assert_macros_suite(void)
{
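Review bot: `zalloc_too_large` has no comment, and nothing in its body says the call is expected to terminate the process; that expectation is only visible where the test is registered with `tcase_add_test_raise_signal(tc, zalloc_too_large, SIGABRT)` in the later hunk. A one-line comment such as `/* One byte over the cap: zalloc() must abort() */` would match the `/* Built-in alloc maximum */` comment on the sibling test and make the boundary pair self-explanatory. litest_assert_macros_suite begins at the end of this hunk and continues outside it.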
@@ -415,7 +428,9 @@ litest_assert_macros_suite(void)
suite_add_tcase(s, tc);
tc = tcase_create("zalloc ");
+ tcase_add_test(tc, zalloc_max_size);
tcase_add_test_raise_signal(tc, zalloc_overflow, SIGABRT);
+ tcase_add_test_raise_signal(tc, zalloc_too_large, SIGABRT);
suite_add_tcase(s, tc);
return s;