bget: Check for size overflow

Check size overflow to avoid size <= 0 which may be caused by calculation "size += sizeof(struct bhead)" and "size = (size + (SizeQuant - 1)) & (~(SizeQuant - 1))". Signed-off-by: Peikan Tsai <mark1990301@gmail.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
author: PeiKan Tsai <mark1990301@gmail.com> 2019-01-31 22:02:08 +0800
committer: Jérôme Forissier <jerome.forissier@linaro.org> 2019-02-01 09:57:41 +0100
commit: 7539e8c32413101d24ddc010cccb0233bbe13c81 (patch)
tree: e4034c0fe7a2ec6d0731ac4d5722d2a56542addb /lib
parent: b0b3a51cc320d0e3173c5d62f109d658e7f530f2 (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/libutils/isoc/bget.c b/lib/libutils/isoc/bget.c
index 6de0b091..f70a1145 100644
--- a/lib/libutils/isoc/bget.c
+++ b/lib/libutils/isoc/bget.c
@@ -597,12 +597,16 @@ void *bget(requested_size, poolset)
     }
 #ifdef SizeQuant
 #if SizeQuant > 1
-    size = (size + (SizeQuant - 1)) & (~(SizeQuant - 1));
+    if (ADD_OVERFLOW(size, SizeQuant - 1, &size))
+        return NULL;
+
+    size = ROUNDDOWN(size, SizeQuant);
 #endif
 #endif
 
-    size += sizeof(struct bhead);     /* Add overhead in allocated buffer
-					 to size required. */
+    /* Add overhead in allocated buffer to size required. */
+    if (ADD_OVERFLOW(size, sizeof(struct bhead), &size))
+        return NULL;
 
 #ifdef BECtl
     /* If a compact function was provided in the call to bectl(), wrap
author	PeiKan Tsai <mark1990301@gmail.com>	2019-01-31 22:02:08 +0800
committer	Jérôme Forissier <jerome.forissier@linaro.org>	2019-02-01 09:57:41 +0100
commit	7539e8c32413101d24ddc010cccb0233bbe13c81 (patch)
tree	e4034c0fe7a2ec6d0731ac4d5722d2a56542addb /lib
parent	b0b3a51cc320d0e3173c5d62f109d658e7f530f2 (diff)