It's unlikely that we'll ever want to escape a string as long as INT_MAX/6, but adding this check can't hurt. * src/util/buf.c (virBufferEscapeSexpr, virBufferEscapeString): Check for (unlikely) overflow. --- src/util/buf.c | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/util/buf.c b/src/util/buf.c index 750e277..5002486 100644 --- a/src/util/buf.c +++ b/src/util/buf.c @@ -311,7 +311,8 @@ virBufferEscapeString(const virBufferPtr buf, const char *format, const char *st return; } - if (VIR_ALLOC_N(escaped, 6 * len + 1) < 0) { + if (xalloc_oversized(6, len) || + VIR_ALLOC_N(escaped, 6 * len + 1) < 0) { virBufferSetError(buf); return; } @@ -398,7 +399,8 @@ virBufferEscapeSexpr(const virBufferPtr buf, return; } - if (VIR_ALLOC_N(escaped, 2 * len + 1) < 0) { + if (xalloc_oversized(2, len) || + VIR_ALLOC_N(escaped, 2 * len + 1) < 0) { virBufferSetError(buf); return; } -- 1.7.4.4