cmd/bup: add some missing safety checks

[bup.git] / lib / cmd / bup.c

diff --git a/lib/cmd/bup.c b/lib/cmd/bup.c
index f85029ac907c5468f3de1341e32d8640ade5fd9d..33b8077f7f772a00fd8f99d43615a5fefb432ecd 100644 (file)
--- a/lib/cmd/bup.c
+++ b/lib/cmd/bup.c
@@ -22,6 +22,7 @@
 #include <unistd.h>
 
 #include "bup/compat.h"
+#include "bup/intprops.h"
 #include "bup/io.h"
 
 static int prog_argc = 0;
@@ -35,7 +36,8 @@ get_argv(PyObject *self, PyObject *args)
        return NULL;
 
     PyObject *result = PyList_New(prog_argc);
-    for (int i = 0; i < prog_argc; i++) {
+    int i;
+    for (i = 0; i < prog_argc; i++) {
         PyObject *s = PyBytes_FromString(prog_argv[i]);
         if (!s)
             die(2, "cannot convert argument to bytes: %s\n", prog_argv[i]);
@@ -267,6 +269,8 @@ static char *exe_parent_dir(const char * const argv_0)
             len = readlink(PROC_SELF_EXE, path, path_n);
             if (len == -1 || (size_t) len != path_n)
                 break;
+            if (!INT_MULTIPLY_OK(path_n, 2, &path_n))
+                die(2, "memory buffer for executable path would be too big\n");
             path_n *= 2;
             if (path != sbuf) free(path);
             path = malloc(path_n);
@@ -361,6 +365,7 @@ int main(int argc, char **argv)
 
 int main(int argc, char **argv)
 {
+    assert(argc > 0);
     prog_argc = argc - 1;
     prog_argv = argv + 1;
     setup_bup_main_module();