From ac460747972e5c943217f6f8d4a18459d5e49372 Mon Sep 17 00:00:00 2001 From: Ali Raza Date: Sat, 7 Mar 2026 03:08:34 +0500 Subject: [PATCH] win: add overflow check in make_program_args() The command-line buffer size computation at dst_len * 2 + arg_count * 2 can overflow size_t on 32-bit systems when the total argument length is large. Add a check before the arithmetic to reject inputs that would cause the multiplication or addition to wrap. --- src/win/process.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/win/process.c b/src/win/process.c index 45e85ed96..696a54ce3 100644 --- a/src/win/process.c +++ b/src/win/process.c @@ -546,6 +546,10 @@ int make_program_args(char** args, int verbatim_arguments, WCHAR** dst_ptr) { /* Adjust for potential quotes. Also assume the worst-case scenario that * every character needs escaping, so we need twice as much space. */ + if (dst_len > (SIZE_MAX / sizeof(WCHAR) - arg_count * 2) / 2) { + err = UV_EINVAL; + goto error; + } dst_len = dst_len * 2 + arg_count * 2; /* Allocate buffer for the final command line. */