<div dir="ltr"><div>Reviewed-by: Matheus Santana <<a href="mailto:embs@cin.ufpe.br">embs@cin.ufpe.br</a>><br><br></div>The check for negatives isn't needed anymore?<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jun 19, 2018 at 8:44 PM, Peter Hutterer <span dir="ltr"><<a href="mailto:peter.hutterer@who-t.net" target="_blank">peter.hutterer@who-t.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">The ssize_t cast upsets coverity for some reason but we can be a lot more<br>
restrictive here anyway. Quick analysis of the zalloc calls in the test suite<br>
show the largest allocation is 9204 bytes.<br>
<br>
Let's put a cap on for one MB, anything above that is likely some memory<br>
corruption and should be caught early.<br>
<br>
Signed-off-by: Peter Hutterer <<a href="mailto:peter.hutterer@who-t.net">peter.hutterer@who-t.net</a>><br>
---<br>
src/libinput-util.h | 4 +++-<br>
1 file changed, 3 insertions(+), 1 deletion(-)<br>
<br>
diff --git a/src/libinput-util.h b/src/libinput-util.h<br>
index 8c67dcbd..4f60e8ea 100644<br>
--- a/src/libinput-util.h<br>
+++ b/src/libinput-util.h<br>
@@ -142,7 +142,9 @@ zalloc(size_t size)<br>
{<br>
void *p;<br>
<br>
- if ((ssize_t)size < 0)<br>
+ /* We never need to alloc anything even near one MB so we can assume<br>
+ * if we ever get above that something's going wrong */<br>
+ if (size > 1024 * 1024)<br>
abort();<br>
<br>
p = calloc(1, size);<br>
<span class="HOEnZb"><font color="#888888">-- <br>
2.17.1<br>
<br>
______________________________<wbr>_________________<br>
wayland-devel mailing list<br>
<a href="mailto:wayland-devel@lists.freedesktop.org">wayland-devel@lists.<wbr>freedesktop.org</a><br>
<a href="https://lists.freedesktop.org/mailman/listinfo/wayland-devel" rel="noreferrer" target="_blank">https://lists.freedesktop.org/<wbr>mailman/listinfo/wayland-devel</a><br>
</font></span></blockquote></div><br></div>