From a54fb46b5134c4fab044c07a0102b14a1970fe26 Mon Sep 17 00:00:00 2001 From: Erik Auerswald Date: Sat, 23 Aug 2025 14:52:08 +0200 Subject: [PATCH] prevent allocation size computation overflow MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit On systems where size_t is unsigned int, computing the size of the resp_times array can overflow. Add a check to prevent this. On a 64-bit x86_64 Ubuntu 22.04.5 LTS system, the overflow check results in a compiler warning: ``` fping.c: In function ‘add_addr’: fping.c:3444:20: warning: comparison is always false due to limited range of data type [-Wtype-limits] 3444 | if (trials > (SIZE_MAX / sizeof(int64_t))) | ^ ``` Thus limit the check to systems with a size_t equal to (or less than) unsigned int. --- CHANGELOG.md | 3 +++ src/fping.c | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ed1bd74..8171329 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,9 @@ Next (#392, thanks @gsnw-sebast and @auerswal) - Switch to alpine-based multi-stage Docker build to reduce image size and improve build performance Add OpenContainers-compatible labels (#399) +- Avoid unsigned overflow when determining the memory size to save + response times on systems where size\_t is the same as unsigned int + (#412 by @auerswal) fping 5.4 (UNRELEASED) ====================== diff --git a/src/fping.c b/src/fping.c index e359d56..3df8f7e 100644 --- a/src/fping.c +++ b/src/fping.c @@ -41,6 +41,7 @@ extern "C" { #include #include +#include #include #include #include @@ -3439,6 +3440,10 @@ void add_addr(char *name, char *host, struct sockaddr *ipaddr, socklen_t ipaddr_ /* array for response time results */ if (!loop_flag) { +#if SIZE_MAX <= UINT_MAX + if (trials > (SIZE_MAX / sizeof(int64_t))) + crash_and_burn("resp_times array too large for memory"); +#endif i = (int64_t *)malloc(trials * sizeof(int64_t)); if (!i) crash_and_burn("can't allocate resp_times array"); -- 2.43.0
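Review bot: the include hunk in src/fping.c adds a single header, but the new `#if SIZE_MAX <= UINT_MAX` in add_addr depends on macros from two headers, SIZE_MAX from <stdint.h> and UINT_MAX from <limits.h>. An identifier that is undefined inside an `#if` expression evaluates to 0, so if UINT_MAX is not defined at that point the condition is false and the overflow check is silently compiled out on the very systems it is meant for. Please include both headers explicitly rather than relying on transitive includes, or add an `#error` if either macro is undefined.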
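Review bot: the add_addr hunk in src/fping.c puts the check behind `#if SIZE_MAX <= UINT_MAX` with no comment, so the reason for the guard (the -Wtype-limits warning on 64-bit builds described in the commit message) is not visible to anyone reading the source. A one-line comment above the `#if` would fix that. The guard also assumes `trials` is no wider than unsigned int; its declaration is not shown in this hunk, and if that type is ever widened the check stays compiled out on 64-bit builds without any warning. An alternative that avoids the preprocessor conditional is to allocate with calloc(trials, sizeof(int64_t)), since a conforming calloc has to fail rather than return a block smaller than the requested element count when the product overflows.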