1 From 099016b7e8d70a6d5dd814e788bba08d33d48426 Mon Sep 17 00:00:00 2001
2 From: Tobias Stoeckmann <tobias@stoeckmann.org>
3 Date: Mon, 4 May 2020 19:41:16 +0200
4 Subject: [PATCH 1/2] Protect array_list_del_idx against size_t overflow.
6 If the assignment of stop overflows due to idx and count being
7 larger than SIZE_T_MAX in sum, out of boundary access could happen.
9 It takes invalid usage of this function for this to happen, but
10 I decided to add this check so array_list_del_idx is as safe against
11 bad usage as the other arraylist functions.
14 1 file changed, 3 insertions(+)
18 @@ -135,6 +135,9 @@ array_list_del_idx( struct array_list *a
22 + /* Avoid overflow in calculation with large indices. */
23 + if (idx > SIZE_T_MAX - count)
26 if ( idx >= arr->length || stop > arr->length ) return -1;
27 for ( i = idx; i < stop; ++i ) {