- s = OPENSSL_realloc((char *)st->data,
- (unsigned int)sizeof(char *) * st->num_alloc * 2);
- if (s == NULL)
+
+ /* Overflow checks by Guido
+ * Cast to size_t to avoid triggering -ftrapv via overflow of st->num_alloc
+ */
+ if ( (size_t)(st->num_alloc) * 2 < (size_t)(st->num_alloc) ) {
+ return 0;
+ }
+
+ if ( (size_t)(st->num_alloc) * 2 > INT_MAX )
+ {
+ return 0;
+ }
+
+ /* Avond overflow due to multiplication by sizeof(char*) */
+ if ( (size_t)(st->num_alloc) * 2 > (~(size_t)0) / sizeof(char*) ) {
+ return 0;
+ }
+
+ /* Remove cast to unsigned int to avoid undersized allocations on > 32 bit. */
+ st->data = OPENSSL_realloc((char *)st->data,
+ sizeof(char *) * st->num_alloc * 2);
+ if (st->data == NULL) {
+ /* Reset these counters to prevent subsequent operations on
+ * (now non-existing) heap memory
+ */
+ st->num_alloc = 0;
+ st->num = 0;