From 8865d4a29dfb2d50ec08d464a120069bad633f26 Mon Sep 17 00:00:00 2001
From: Peter Hutterer
Date: Mon, 11 Jun 2018 11:13:03 +1000
Subject: [PATCH] util: abort for a negative zalloc() size

Nothing in libinput needs large buffers, so if we ever get something that large, we probably passed a negative number to zalloc.

Signed-off-by: Peter Hutterer
---
 src/libinput-util.h | 3 +++
 test/litest-selftest.c | 10 ++++++++++
 2 files changed, 13 insertions(+)

diff --git a/src/libinput-util.h b/src/libinput-util.h
index 92e7cf73..574a8cf8 100644
--- a/src/libinput-util.h
+++ b/src/libinput-util.h
@@ -141,6 +141,9 @@ zalloc(size_t size)
 {
 void *p;
 
+ if ((ssize_t)size < 0)
+ abort();
+
 p = calloc(1, size);
 if (!p)
 abort();
diff --git a/test/litest-selftest.c b/test/litest-selftest.c
index 47d5ef13..72bdabac 100644
--- a/test/litest-selftest.c
+++ b/test/litest-selftest.c
@@ -344,6 +344,12 @@ START_TEST(ck_double_ge_fails)
 }
 END_TEST
 
+START_TEST(zalloc_overflow)
+{
+ zalloc(-1);
+}
+END_TEST
+
 static Suite *
 litest_assert_macros_suite(void)
 {
@@ -408,6 +414,10 @@ litest_assert_macros_suite(void)
 tcase_add_exit_test(tc, ck_double_ge_fails, 1);
 suite_add_tcase(s, tc);
 
+ tc = tcase_create("zalloc ");
+ tcase_add_test_raise_signal(tc, zalloc_overflow, SIGABRT);
+ suite_add_tcase(s, tc);
+
 return s;
 }
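Review bot: The new guard in zalloc() (src/libinput-util.h) detects a bad size by casting it to `ssize_t`, which relies on implementation-defined conversion of an out-of-range unsigned value and only catches requests with the top bit set. Comparing against an explicit bound expresses the same intent without the cast, for example `if (size > SSIZE_MAX)` before the `abort();`, or a smaller named cap, given the commit message's statement that nothing in libinput needs large buffers. A size that wrapped in a caller's arithmetic and landed below that threshold still reaches calloc(), so the guard deserves a comment such as `/* catches negative values converted to size_t, not wrapped arithmetic in callers */`. zalloc() starts before and ends after this hunk, and whether `<limits.h>` is already included is not visible here.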
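Review bot: The `zalloc_overflow` test added in test/litest-selftest.c would most likely pass without the new size check, because `zalloc(-1)` asks calloc() for SIZE_MAX bytes, which is expected to fail and reach the pre-existing `if (!p) abort();` path visible in the first hunk. As written it pins "zalloc(-1) raises SIGABRT" rather than the guard itself, so a regression that removes the guard would go unnoticed. A comment above the test should say so, e.g. `/* SIGABRT may come from the size guard or from the calloc() failure path */`. If the guard ever becomes a named cap well below what calloc() can satisfy, a request just above that cap would exercise the guard directly.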