From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Tue, 17 May 2016 13:11:39 +0000 (-0400)
Subject: Fix: Integer overflowed argument
X-Git-Tag: v2.7.3~42
X-Git-Url: http://git.liburcu.org/?p=lttng-tools.git;a=commitdiff_plain;h=5e7ff59a87320786cd36b12632d0d13418e7a58a

Fix: Integer overflowed argument

Found by Coverity:

CID 1242317 (#1 of 2): Integer overflowed argument (INTEGER_OVERFLOW)25.
overflow_sink: Overflowed or truncated value (or a value computed from
an overflowed or truncated value) new_nbmem * 304UL used as critical
argument to function.

CID 1242317 (#2 of 2): Integer overflowed argument (INTEGER_OVERFLOW)27.
overflow_sink: Overflowed or truncated value (or a value computed from
an overflowed or truncated value) (new_nbmem - nbmem) * 304UL used as
critical argument to function.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>
---

diff --git a/src/bin/lttng-sessiond/syscall.c b/src/bin/lttng-sessiond/syscall.c
index 899964521..096f008f9 100644
--- a/src/bin/lttng-sessiond/syscall.c
+++ b/src/bin/lttng-sessiond/syscall.c
@@ -83,7 +83,7 @@ int syscall_init_table(void)
 
 			/* Double memory size. */
 			new_nbmem = max(index, nbmem << 1);
-			if (new_nbmem < nbmem) {
+			if (new_nbmem > (SIZE_MAX / sizeof(*new_list))) {
 				/* Overflow, stop everything, something went really wrong. */
 				ERR("Syscall listing memory size overflow. Stopping");
 				free(syscall_table);