diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/tool_paramhlp.c | 31 | 
1 files changed, 24 insertions, 7 deletions
| diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c index c9dac4f0f..af47516b6 100644 --- a/src/tool_paramhlp.c +++ b/src/tool_paramhlp.c @@ -58,12 +58,17 @@ struct getout *new_getout(struct OperationConfig *config)  ParameterError file2string(char **bufp, FILE *file)  { -  char *ptr;    char *string = NULL; -    if(file) { +    char *ptr; +    size_t alloc = 512; +    size_t alloc_needed;      char buffer[256];      size_t stringlen = 0; +    string = malloc(alloc); +    if(!string) +      return PARAM_NO_MEM; +      while(fgets(buffer, sizeof(buffer), file)) {        size_t buflen;        ptr = strchr(buffer, '\r'); @@ -73,12 +78,24 @@ ParameterError file2string(char **bufp, FILE *file)        if(ptr)          *ptr = '\0';        buflen = strlen(buffer); -      ptr = realloc(string, stringlen + buflen + 1); -      if(!ptr) { -        Curl_safefree(string); -        return PARAM_NO_MEM; +      alloc_needed = stringlen + buflen + 1; +      if(alloc < alloc_needed) { +#if SIZEOF_SIZE_T < 8 +        if(alloc >= (size_t)SIZE_T_MAX/2) { +          Curl_safefree(string); +          return PARAM_NO_MEM; +        } +#endif +        /* doubling is enough since the string to add is always max 256 bytes +           and the alloc size start at 512 */ +        alloc *= 2; +        ptr = realloc(string, alloc); +        if(!ptr) { +          Curl_safefree(string); +          return PARAM_NO_MEM; +        } +        string = ptr;        } -      string = ptr;        strcpy(string + stringlen, buffer);        stringlen += buflen;      } | 
