util: abort for a negative zalloc() size

Nothing in libinput needs large buffers, so if we ever get something that large, we probably passed a negative number to zalloc. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
gitclear · Jun 11, 2018 · 8865d4a · 8865d4a
1 parent 24a19dd
commit 8865d4a
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/src/libinput-util.h b/src/libinput-util.h
@@ -141,6 +141,9 @@ zalloc(size_t size)
 {
 	void *p;
 
+	if ((ssize_t)size < 0)
+		abort();
+
 	p = calloc(1, size);
 	if (!p)
 		abort();

diff --git a/test/litest-selftest.c b/test/litest-selftest.c
@@ -344,6 +344,12 @@ START_TEST(ck_double_ge_fails)
 }
 END_TEST
 
+START_TEST(zalloc_overflow)
+{
+	zalloc(-1);
+}
+END_TEST
+
 static Suite *
 litest_assert_macros_suite(void)
 {
@@ -408,6 +414,10 @@ litest_assert_macros_suite(void)
 	tcase_add_exit_test(tc, ck_double_ge_fails, 1);
 	suite_add_tcase(s, tc);
 
+	tc = tcase_create("zalloc ");
+	tcase_add_test_raise_signal(tc, zalloc_overflow, SIGABRT);
+	suite_add_tcase(s, tc);
+
 	return s;
 }