unix: add overflow check for stdio_count in uv_spawn()

Add a bounds check for stdio_count before the allocation in uv_spawn()
on Unix. Reject negative values and values large enough to overflow the
stdio_count * sizeof(*pipes) multiplication. Uses SIZE_MAX to compute
the upper limit portably across 32-bit and 64-bit platforms.
Ali Raza 2026-03-07 03:08:15 +05:00
parent 568470a2ef
commit f8343313b1

@ -993,6 +993,10 @@ int uv_spawn(uv_loop_t* loop,
process->status = 0;
stdio_count = options->stdio_count;
if (stdio_count < 0 || (size_t) stdio_count > SIZE_MAX / sizeof(*pipes)) {
err = UV_EINVAL;
goto error;
}
if (stdio_count < 3)
stdio_count = 3;
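Review bot: the `goto error` in the new check runs after `stdio_count = options->stdio_count;` has stored the rejected value and before any allocation of `pipes`, and the `error` label is outside this hunk, so please confirm the cleanup there does not loop up to `stdio_count` or inspect or free `pipes` in that state. Validating `options->stdio_count` before assigning it, or returning `UV_EINVAL` directly at this point, would remove the question. Separately, assuming `stdio_count` is an `int`, the `(size_t) stdio_count > SIZE_MAX / sizeof(*pipes)` half can never be true on a 64-bit build, so only the `< 0` half does any work there; a one-line comment saying the upper bound matters on 32-bit targets, plus a test that passes a negative `stdio_count` and expects `UV_EINVAL`, would make the intent clear.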