# HG changeset patch # User Jim Meyering # Date 999634816 0 # Node ID 8ac2c1e256a99a308e251f18805f7b1a91372080 # Parent 28c66612bada798b8160bb126b949d73bb996856 (xreadlink): Omit size_t* arg. All uses changed. Use ssize_t, not int, to store result of readlink. Check for ssize_t overflow as well as size_t overflow, as POSIX says the result of readlink is implementation-defined when ssize_t overflows. Remove unnecessary cast to char*. Use free+malloc instead of realloc, as the storage doesn't need to be preserved and it's clearer and can be more efficient that way. (SIZE_MAX, SSIZE_MAX): New macros, if doesn't declare. diff --git a/lib/xreadlink.c b/lib/xreadlink.c --- a/lib/xreadlink.c +++ b/lib/xreadlink.c @@ -29,6 +29,9 @@ extern int errno; #endif +#if HAVE_LIMITS_H +# include +#endif #if HAVE_SYS_TYPES_H # include #endif @@ -39,6 +42,13 @@ # include #endif +#ifndef SIZE_MAX +# define SIZE_MAX ((size_t) -1) +#endif +#ifndef SSIZE_MAX +# define SSIZE_MAX ((ssize_t) (SIZE_MAX / 2)) +#endif + #include "xalloc.h" #include "xreadlink.h" @@ -49,18 +59,17 @@ give a diagnostic and exit. */ char * -xreadlink (char const *filename, size_t *link_length_arg) +xreadlink (char const *filename) { /* The initial buffer size for the link value. A power of 2 detects arithmetic overflow earlier, but is not required. */ size_t buf_size = 128; - char *buffer = NULL; while (1) { - int link_length; - buffer = (char *) xrealloc (buffer, buf_size); - link_length = readlink (filename, buffer, buf_size); + char *buffer = xmalloc (buf_size); + ssize_t link_length = readlink (filename, buffer, buf_size); + if (link_length < 0) { int saved_errno = errno; @@ -68,14 +77,16 @@ errno = saved_errno; return NULL; } + if (link_length < buf_size) { - *link_length_arg = link_length; buffer[link_length] = 0; return buffer; } + + free (buffer); buf_size *= 2; - if (buf_size == 0) + if (SSIZE_MAX < buf_size || (SIZE_MAX / 2 < SSIZE_MAX && buf_size == 0)) xalloc_die (); } }
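Review bot: The fallback `SSIZE_MAX` in the second hunk assumes ssize_t is exactly as wide as size_t, and both fallbacks contain casts, so neither can be tested in an `#if`. The overflow guard added to xreadlink depends on these values being right, so the definitions deserve a comment above the two `#ifndef` blocks, for example `/* Fallbacks for hosts whose headers lack these.  They contain casts, so use them only in C expressions, never in #if.  */`. The `(ssize_t)` cast also needs the type declared wherever the macro is expanded. That presumably comes from the include guarded by `HAVE_SYS_TYPES_H` in the first hunk, whose header name is not visible here.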
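Review bot: The wraparound test `buf_size == 0` in the new guard of the last hunk only fires when the starting size is a power of 2, yet the comment on `buf_size = 128` in the previous hunk still says a power of 2 "is not required". On a host where SSIZE_MAX exceeds SIZE_MAX / 2, a non-power-of-2 start would wrap to a small nonzero value, and the loop would carry on with a shrunken buffer instead of calling xalloc_die. With 128 hard-coded this cannot happen today, so updating the comment is enough, e.g. `/* The initial buffer size for the link value.  Keep it a power of 2 so that overflow of buf_size *= 2 wraps to exactly 0.  */`. Separately, `if (link_length < buf_size)` compares ssize_t with size_t and is correct only because negative results have already returned; `if ((size_t) link_length < buf_size)` makes that explicit and bounds the `buffer[link_length] = 0` store visibly. The body of xreadlink begins in the previous hunk, and the line between the two hunks is not shown.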