attr: harden allocation against integer overflows

When parsing an attributes line, we need to allocate an array that holds all attributes specified for the given file pattern. The calculation to determine the number of bytes that need to be allocated was prone to an overflow though when there was an unreasonable amount of attributes. Harden the allocation by instead using the `st_` helper functions that cause us to die when we hit an integer overflow. Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Patrick Steinhardt <ps@pks.im> 2022-12-01 17:45:40 +0300
committer: Junio C Hamano <gitster@pobox.com> 2022-12-05 09:14:16 +0300
commit: a60a66e409c265b2944f18bf43581c146812586d (patch)
tree: d1a9f9b53d8b13dd6e91b127b442be813c6f2167
parent: e1e12e97ac73ded85f7d000da1063a774b3cc14f (diff)
1 files changed, 3 insertions, 4 deletions
diff --git a/attr.c b/attr.c
index d1faf69083..a9f7063cfc 100644
--- a/attr.c
+++ b/attr.c
@@ -380,10 +380,9 @@ static struct match_attr *parse_attr_line(const char *line, const char *src,
 			goto fail_return;
 	}
 
-	res = xcalloc(1,
-		      sizeof(*res) +
-		      sizeof(struct attr_state) * num_attr +
-		      (is_macro ? 0 : namelen + 1));
+	res = xcalloc(1, st_add3(sizeof(*res),
+				 st_mult(sizeof(struct attr_state), num_attr),
+				 is_macro ? 0 : namelen + 1));
 	if (is_macro) {
 		res->u.attr = git_attr_internal(name, namelen);
 	} else {
author	Patrick Steinhardt <ps@pks.im>	2022-12-01 17:45:40 +0300
committer	Junio C Hamano <gitster@pobox.com>	2022-12-05 09:14:16 +0300
commit	a60a66e409c265b2944f18bf43581c146812586d (patch)
tree	d1a9f9b53d8b13dd6e91b127b442be813c6f2167
parent	e1e12e97ac73ded85f7d000da1063a774b3cc14f (diff)