Avoid integer overflow on exotic platforms.

[gnulib.git] / lib / xreadlink.c

diff --git a/lib/xreadlink.c b/lib/xreadlink.c
index 13c2845..b8bb3c4 100644 (file)
--- a/lib/xreadlink.c
+++ b/lib/xreadlink.c
@@ -1,6 +1,6 @@
 /* xreadlink.c -- readlink wrapper to return the link name in malloc'd storage
 
-   Copyright 2001 Free Software Foundation, Inc.
+   Copyright (C) 2001, 2003, 2004, 2005 Free Software Foundation, Inc.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -15,32 +15,22 @@
    You should have received a copy of the GNU General Public License
    along with this program; see the file COPYING.
    If not, write to the Free Software Foundation,
-   59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  */
+   51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.  */
 
 /* Written by Jim Meyering <jim@meyering.net>  */
 
-#if HAVE_CONFIG_H
+#ifdef HAVE_CONFIG_H
 # include <config.h>
 #endif
 
+#include "xreadlink.h"
+
 #include <stdio.h>
 #include <errno.h>
-#ifndef errno
-extern int errno;
-#endif
-
-#if HAVE_LIMITS_H
-# include <limits.h>
-#endif
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_STDLIB_H
-# include <stdlib.h>
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif
+#include <limits.h>
+#include <sys/types.h>
+#include <stdlib.h>
+#include <unistd.h>
 
 #ifndef SIZE_MAX
 # define SIZE_MAX ((size_t) -1)
@@ -49,28 +39,34 @@ extern int errno;
 # define SSIZE_MAX ((ssize_t) (SIZE_MAX / 2))
 #endif
 
+#define MAXSIZE (SIZE_MAX < SSIZE_MAX ? SIZE_MAX : SSIZE_MAX)
+
 #include "xalloc.h"
-#include "xreadlink.h"
 
-/* Call readlink to get the symbolic link value of FILENAME.
+/* Call readlink to get the symbolic link value of FILE.
+   SIZE is a hint as to how long the link is expected to be;
+   typically it is taken from st_size.  It need not be correct.
    Return a pointer to that NUL-terminated string in malloc'd storage.
    If readlink fails, return NULL (caller may use errno to diagnose).
-   If realloc fails, or if the link value is longer than SIZE_MAX :-),
+   If malloc fails, or if the link value is longer than SSIZE_MAX :-),
    give a diagnostic and exit.  */
 
 char *
-xreadlink (char const *filename)
+xreadlink (char const *file, size_t size)
 {
   /* The initial buffer size for the link value.  A power of 2
      detects arithmetic overflow earlier, but is not required.  */
-  size_t buf_size = 128;
+  size_t buf_size = size < MAXSIZE ? size + 1 : MAXSIZE;
 
   while (1)
     {
       char *buffer = xmalloc (buf_size);
-      ssize_t link_length = readlink (filename, buffer, buf_size);
+      ssize_t r = readlink (file, buffer, buf_size);
+      size_t link_length = r;
 
-      if (link_length < 0)
+      /* On AIX 5L v5.3 and HP-UX 11i v2 04/09, readlink returns -1
+        with errno == ERANGE if the buffer is too small.  */
+      if (r < 0 && errno != ERANGE)
        {
          int saved_errno = errno;
          free (buffer);
@@ -85,8 +81,11 @@ xreadlink (char const *filename)
        }
 
       free (buffer);
-      buf_size *= 2;
-      if (SSIZE_MAX < buf_size || (SIZE_MAX / 2 < SSIZE_MAX && buf_size == 0))
+      if (buf_size <= MAXSIZE / 2)
+       buf_size *= 2;
+      else if (buf_size < MAXSIZE)
+       buf_size = MAXSIZE;
+      else
        xalloc_die ();
     }
 }