Skip to content

Commit 8e9069f

Browse files
mkruskal-googlecopybara-github
authored andcommitted
Prevent 32-bit size_t integer overflow in absl::CEscape
PiperOrigin-RevId: 946022039 Change-Id: Id3ad9b9e1a332d81d1322fa92d6c3a419fd48483
1 parent c6274e0 commit 8e9069f

1 file changed

Lines changed: 4 additions & 4 deletions

File tree

absl/strings/escaping.cc

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -459,10 +459,10 @@ void CEscapeAndAppendInternal(absl::string_view src,
459459
// We keep 3 slop bytes so that we can call `little_endian::Store32`
460460
// invariably regardless of the length of the escaped character.
461461
constexpr size_t kSlopBytes = 3;
462-
size_t cur_dest_len = dest->size();
463-
size_t append_buf_len = cur_dest_len + escaped_len + kSlopBytes;
464-
ABSL_INTERNAL_CHECK(append_buf_len > cur_dest_len,
465-
"std::string size overflow");
462+
ABSL_INTERNAL_CHECK(
463+
escaped_len <= std::numeric_limits<size_t>::max() - kSlopBytes,
464+
"CEscape length overflow");
465+
size_t append_buf_len = escaped_len + kSlopBytes;
466466
strings_internal::StringAppendAndOverwrite(
467467
*dest, append_buf_len, [src, escaped_len](char* append_ptr, size_t) {
468468
for (char c : src) {

0 commit comments

Comments
 (0)