>From 649e713c1e5452204253cb1029ea22c1b6effa2e Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 29 Dec 2020 19:34:59 -0800
Subject: [PATCH] canonicalize: fix size overflow treatment

This also has some minor cleanups.
* lib/canonicalize-lgpl.c, lib/canonicalize.c: No need to include
stddef.h, since the code no longer refers directly to ptrdiff_t.
* lib/canonicalize-lgpl.c (realpath_stk):
* lib/canonicalize.c (canonicalize_filename_mode_stk):
Treat size overflow like other out-of-memory.
* lib/canonicalize.c: No need to include stdlib.h, since
the code no longer refers to stdlib.h functions (other
than those that canonicalize.h must declare).
* lib/canonicalize.c (canonicalize_filename_mode_stk):
Do not bother terminating the string result on error.
---
 ChangeLog               | 15 +++++++++++++++
 lib/canonicalize-lgpl.c |  6 +-----
 lib/canonicalize.c      |  9 ++-------
 3 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index cca14c910..2af7a42c7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,18 @@
+2020-12-29  Paul Eggert  <eggert@cs.ucla.edu>
+
+	canonicalize: fix size overflow treatment
+	This also has some minor cleanups.
+	* lib/canonicalize-lgpl.c, lib/canonicalize.c: No need to include
+	stddef.h, since the code no longer refers directly to ptrdiff_t.
+	* lib/canonicalize-lgpl.c (realpath_stk):
+	* lib/canonicalize.c (canonicalize_filename_mode_stk):
+	Treat size overflow like other out-of-memory.
+	* lib/canonicalize.c: No need to include stdlib.h, since
+	the code no longer refers to stdlib.h functions (other
+	than those that canonicalize.h must declare).
+	* lib/canonicalize.c (canonicalize_filename_mode_stk):
+	Do not bother terminating the string result on error.
+
 2020-12-29  Bruno Haible  <bruno@clisp.org>
 
 	list-c++, [o]map-c++, [o]set-c++: Fix conflict with 'free-posix' module.
diff --git a/lib/canonicalize-lgpl.c b/lib/canonicalize-lgpl.c
index e8b10f0e7..01b06322d 100644
--- a/lib/canonicalize-lgpl.c
+++ b/lib/canonicalize-lgpl.c
@@ -32,7 +32,6 @@
 #include <fcntl.h>
 #include <limits.h>
 #include <stdbool.h>
-#include <stddef.h>
 #include <string.h>
 #include <sys/stat.h>
 #include <unistd.h>
@@ -345,10 +344,7 @@ realpath_stk (const char *name, char *resolved,
                 end_idx = end - extra_buf;
               size_t len = strlen (end);
               if (NARROW_ADDRESSES && INT_ADD_OVERFLOW (len, n))
-                {
-                  __set_errno (ENOMEM);
-                  goto error;
-                }
+                goto error_nomem;
               while (extra_buffer.length <= len + n)
                 {
                   if (!scratch_buffer_grow_preserve (&extra_buffer))
diff --git a/lib/canonicalize.c b/lib/canonicalize.c
index eee3dbee6..26066831c 100644
--- a/lib/canonicalize.c
+++ b/lib/canonicalize.c
@@ -21,8 +21,6 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <stdbool.h>
-#include <stddef.h>
-#include <stdlib.h>
 #include <string.h>
 #include <sys/stat.h>
 #include <unistd.h>
@@ -396,10 +394,7 @@ canonicalize_filename_mode_stk (const char *name, canonicalize_mode_t can_mode,
                 end_idx = end - extra_buf;
               size_t len = strlen (end);
               if (NARROW_ADDRESSES && INT_ADD_OVERFLOW (len, n))
-                {
-                  errno = ENOMEM;
-                  goto error;
-                }
+                xalloc_die ();
               while (extra_buffer.length <= len + n)
                 {
                   if (!scratch_buffer_grow_preserve (&extra_buffer))
@@ -461,7 +456,6 @@ canonicalize_filename_mode_stk (const char *name, canonicalize_mode_t can_mode,
   failed = false;
 
 error:
-  *dest++ = '\0';
   if (ht)
     hash_free (ht);
   scratch_buffer_free (&extra_buffer);
@@ -473,6 +467,7 @@ error:
       return NULL;
     }
 
+  *dest++ = '\0';
   char *result = scratch_buffer_dupfree (rname_buf, dest - rname);
   if (!result)
     xalloc_die ();
-- 
2.27.0