libjson-c: backport security fixes
[openwrt/staging/jow.git] / package / libs / libjson-c / patches / 001-Protect-array_list_del_idx-against-size_t-overflow.patch
1 From 099016b7e8d70a6d5dd814e788bba08d33d48426 Mon Sep 17 00:00:00 2001
2 From: Tobias Stoeckmann <tobias@stoeckmann.org>
3 Date: Mon, 4 May 2020 19:41:16 +0200
4 Subject: [PATCH 1/2] Protect array_list_del_idx against size_t overflow.
5
6 If the assignment of stop overflows due to idx and count being
7 larger than SIZE_T_MAX in sum, out of boundary access could happen.
8
9 It takes invalid usage of this function for this to happen, but
10 I decided to add this check so array_list_del_idx is as safe against
11 bad usage as the other arraylist functions.
12 ---
13 arraylist.c | 3 +++
14 1 file changed, 3 insertions(+)
15
16 --- a/arraylist.c
17 +++ b/arraylist.c
18 @@ -135,6 +135,9 @@ array_list_del_idx( struct array_list *a
19 {
20 size_t i, stop;
21
22 + /* Avoid overflow in calculation with large indices. */
23 + if (idx > SIZE_T_MAX - count)
24 + return -1;
25 stop = idx + count;
26 if ( idx >= arr->length || stop > arr->length ) return -1;
27 for ( i = idx; i < stop; ++i ) {
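Review bot: The added guard `if (idx > SIZE_T_MAX - count)` depends on SIZE_T_MAX, which is not a standard C macro (the standard one is SIZE_MAX from <stdint.h>), and its definition is not visible in this hunk. Since this is a backport, confirm that the arraylist.c being patched defines SIZE_T_MAX before this function; if it does not, the file will not compile and SIZE_MAX should be used instead. The guard is correctly placed ahead of `stop = idx + count;`, so the following `stop > arr->length` test no longer sees a wrapped value. Two smaller points: the new line is written `if (idx` while the neighbouring code uses `if ( idx`, and a regression test that calls array_list_del_idx with an idx near SIZE_T_MAX and a non-zero count, expecting -1, would keep this check from being lost in later refreshes of the patch.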