SECURITY: a second negative store guard

(cherry picked from commit 706864e934c70941ce7a327f97b7649a1e5f5556) (cherry picked from commit 9f06dcd6848052f2524658bf871c60a8d48c7dbe)
author: Phil Pennock <phil+git@pennock-tech.com> 2020-10-29 21:30:04 -0400
committer: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> 2021-05-27 21:30:28 +0200
commit: 410b935d8ed35762b76b0edfa7a9fb9ba6500ebd (patch)
tree: db6234945dc655da2bc5edf9ee4e60d2ee0b95ca
parent: 15282ddb92382fb203e61d7a66f37aa2fbdebb82 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/src/store.c b/src/src/store.c
index b5115fa13..c664ad9f4 100644
--- a/src/src/store.c
+++ b/src/src/store.c
@@ -428,6 +428,13 @@ int pool = tainted ? store_pool + POOL_TAINT_BASE : store_pool;
 int inc = newsize - oldsize;
 int rounded_oldsize = oldsize;
 
+if (newsize < 0)
+  {
+  log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+            "bad memory extension requested (%d -> %d bytes) at %s %d",
+            oldsize, newsize, func, linenumber);
+  }
+
 /* Check that the block being extended was already of the required taint status;
 refuse to extend if not. */
author	Phil Pennock <phil+git@pennock-tech.com>	2020-10-29 21:30:04 -0400
committer	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>	2021-05-27 21:30:28 +0200
commit	410b935d8ed35762b76b0edfa7a9fb9ba6500ebd (patch)
tree	db6234945dc655da2bc5edf9ee4e60d2ee0b95ca
parent	15282ddb92382fb203e61d7a66f37aa2fbdebb82 (diff)