From: Peter Krempa <pkrempa@redhat.com>
Limit the size of the4 allocated buffer to max_len + 1.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/util/virfile.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/util/virfile.c b/src/util/virfile.c
index bc3faedd4e..e7549197cd 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -1503,11 +1503,14 @@ saferead_lim(int fd, size_t max_len, size_t *length)
 int count;
 int requested;
- if (size + BUFSIZ + 1 > alloc) {
+ if (alloc < max_len + 1 &&
+ size + BUFSIZ + 1 > alloc) {
 alloc += alloc / 2;
 if (alloc < size + BUFSIZ + 1)
 alloc = size + BUFSIZ + 1;
+ alloc = MIN(alloc, max_len + 1);
+
 VIR_REALLOC_N(buf, alloc);
 }
-- 
2.53.0
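Review bot: `max_len + 1` in the new guard and in the `MIN()` clamp can wrap, because `max_len` is a `size_t`: for `max_len == SIZE_MAX` it evaluates to 0, `alloc < max_len + 1` is never true, and `VIR_REALLOC_N` is never reached, so the code after this block would run with a buffer that was never grown. Whether any caller can pass such a value is not visible here, and the rest of `saferead_lim` lies outside the hunk. The same bound can be expressed without the addition: `if (alloc <= max_len &&` for the guard and `alloc = MIN(alloc - 1, max_len) + 1;` for the clamp (`alloc` is nonzero at that point, so `alloc - 1` does not underflow). If the limit is instead guaranteed by callers, a comment such as `/* requires max_len < SIZE_MAX so that max_len + 1 cannot wrap */` above the guard would record the precondition.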