Files · 4618865caf8596742a9fd7c28a70a46b5e277794 · open / abseil-cpp

Prevent overflow in `absl::CEscape()` · 4618865c

Strings larger than 1 GiB on a platform with a 32-bit size_t could
potentially overflow size_t in `CEscapedLength()`, resulting in an
undersized allocation. The resulting write in
`CEscapeAndAppendInternal()` would then write beyond the bounds of the
output buffer.

A second overflow, where the calculated escaped length is added to the
size of the string being appended to, is also fixed.

In both cases the program will now abort prior to the overflow.

Credit goes to Ronald Crane (Zippenhop LLC) for reporting this issue.

PiperOrigin-RevId: 607019573
Change-Id: I97bf246cde96102a793d2db49446cccae08abf59

committed Feb 14, 2024

4618865c

Name	Last commit	Last Update
.github		Loading commit data...
CMake		Loading commit data...
absl		Loading commit data...
ci		Loading commit data...
.clang-format		Loading commit data...
.gitignore		Loading commit data...
ABSEIL_ISSUE_TEMPLATE.md		Loading commit data...
AUTHORS		Loading commit data...
BUILD.bazel		Loading commit data...
CMakeLists.txt		Loading commit data...
CONTRIBUTING.md		Loading commit data...
FAQ.md		Loading commit data...
LICENSE		Loading commit data...
MODULE.bazel		Loading commit data...
PrivacyInfo.xcprivacy		Loading commit data...
README.md		Loading commit data...
UPGRADES.md		Loading commit data...
WORKSPACE		Loading commit data...
WORKSPACE.bzlmod		Loading commit data...
conanfile.py		Loading commit data...
create_lts.py		Loading commit data...

README.md