Skip to content

Commit

Permalink
Fix reversed calloc() arguments
Browse files Browse the repository at this point in the history 
The prototype is "void *calloc(size_t nelem, size_t elsize);"

These two instances had them reversed, almost certainly leading to
buffer overflow issues. This was detected by
-Werror=calloc-transposed-args on gcc.

Signed-off-by: Stephen Gallagher <[email protected]>
  • Loading branch information
@sgallagher @vathpela
sgallagher authored and vathpela committed Feb 2, 2024
1 parent 1fb3c85 commit 1f9e2fa
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/pesigcheck.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -240,7 +240,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons,

cert_iter iter;

reasonps = calloc(sizeof(struct reason), 512);
reasonps = calloc(512, sizeof(struct reason));

This comment has been minimized.

Sign in to view

Copy link
@kukrimate

kukrimate Feb 3, 2024
edited
Loading

Excuse my ignorance, but I do wonder how could this possible lead to buffer overflows?
The size of the buffer is nelem * elsize, and multiplication is commutative, sure it's nicer this way, but this change is purely cosmetic.
if (!reasonps)
err(1, "check_signature");

Expand Down Expand Up @@ -281,7 +281,7 @@ check_signature(pesigcheck_context *ctx, int *nreasons,

num_reasons += 16;

new_reasons = calloc(sizeof(struct reason), num_reasons);
new_reasons = calloc(num_reasons, sizeof(struct reason));
if (!new_reasons)
err(1, "check_signature");
reasonps = new_reasons;
Expand Down

0 comments on commit 1f9e2fa

Please sign in to comment.