:: commit 0a24c40c7e12461235cd46f93c6a9000c008889b
host/limine: Validate uninstall data entry size before malloc
diff --git a/host/limine.c b/host/limine.c
index f50ccc00..5cebe2ea 100644
--- a/host/limine.c
+++ b/host/limine.c
@@ -409,7 +409,11 @@ static bool load_uninstall_data(const char *filename) {
if (fread(&uninstall_data[i].count, sizeof(uint64_t), 1, udfile) != 1) {
goto fread_error;
}
- uninstall_data[i].data = malloc(uninstall_data[i].count);
+ if (uninstall_data[i].count > SIZE_MAX) {
+ fprintf(stderr, "error: load_uninstall_data(): entry size too large\n");
+ goto error;
+ }
+ uninstall_data[i].data = malloc((size_t)uninstall_data[i].count);
if (uninstall_data[i].data == NULL) {
perror_wrap("error: load_uninstall_data(): malloc()");
goto error;
