From 2901f4b31ffee670f9d3a97676a2b99eb04297d5 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 27 Mar 2018 14:56:04 +0200
Subject: [PATCH] util: check for overflows in xbsearch_r()

---
 src/basic/util.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/basic/util.c b/src/basic/util.c
index 7863a14fb2..b0303a17fa 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -181,11 +181,13 @@ void *xbsearch_r(const void *key, const void *base, size_t nmemb, size_t size,
         const void *p;
         int comparison;
 
+        assert(!size_multiply_overflow(nmemb, size));
+
         l = 0;
         u = nmemb;
         while (l < u) {
                 idx = (l + u) / 2;
-                p = (const char *) base + idx * size;
+                p = (const uint8_t*) base + idx * size;
                 comparison = compar(key, p, arg);
                 if (comparison < 0)
                         u = idx;
-- 
2.25.1