authorDerek Mauro <dmauro@google.com>2024-03-14 08:44:16 -0700
committerCopybara-Service <copybara-worker@google.com>2024-03-14 08:45:13 -0700
commit74df6975aef6d6fa2020313922e9a94b42364f38 (patch)
tree32aef1c8ec91cee317e18eeffb7a1c1cadcc7d1c /absl/strings/internal/str_join_internal.h
parent2f0591010da73a6157f515170b0ef349d9338003 (diff)
Add additional checks for size_t overflows
This change mainly affects 32-bit platforms. Similar to 4618865caf8596742a9fd7c28a70a46b5e277794, check for size_t overflow in all places where string result sizes are precomputed before allocation. PiperOrigin-RevId: 615792028 Change-Id: I71c774c5ef2c2978bd812c70e9bab36d266b7c90
Diffstat (limited to 'absl/strings/internal/str_join_internal.h')
-rw-r--r--absl/strings/internal/str_join_internal.h12
1 files changed, 10 insertions, 2 deletions
diff --git a/absl/strings/internal/str_join_internal.h b/absl/strings/internal/str_join_internal.h
index d97d5033..96d41b68 100644
--- a/absl/strings/internal/str_join_internal.h
+++ b/absl/strings/internal/str_join_internal.h
@@ -31,13 +31,16 @@
#ifndef ABSL_STRINGS_INTERNAL_STR_JOIN_INTERNAL_H_
#define ABSL_STRINGS_INTERNAL_STR_JOIN_INTERNAL_H_
+#include <cstdint>
#include <cstring>
#include <iterator>
+#include <limits>
#include <memory>
#include <string>
#include <type_traits>
#include <utility>
+#include "absl/base/internal/raw_logging.h"
#include "absl/strings/internal/ostringstream.h"
#include "absl/strings/internal/resize_uninitialized.h"
#include "absl/strings/str_cat.h"
@@ -230,14 +233,19 @@ std::string JoinAlgorithm(Iterator start, Iterator end, absl::string_view s,
if (start != end) {
// Sums size
auto&& start_value = *start;
- size_t result_size = start_value.size();
+ // Use uint64_t to prevent size_t overflow. We assume it is not possible for
+ // in memory strings to overflow a uint64_t.
+ uint64_t result_size = start_value.size();
for (Iterator it = start; ++it != end;) {
result_size += s.size();
result_size += (*it).size();
}
if (result_size > 0) {
- STLStringResizeUninitialized(&result, result_size);
+ constexpr uint64_t kMaxSize =
+ uint64_t{(std::numeric_limits<size_t>::max)()};
+ ABSL_INTERNAL_CHECK(result_size <= kMaxSize, "size_t overflow");
+ STLStringResizeUninitialized(&result, static_cast<size_t>(result_size));
// Joins strings
char* result_buf = &*result.begin();
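Review bot: The added `ABSL_INTERNAL_CHECK(result_size <= kMaxSize, "size_t overflow")` can only fire where size_t is narrower than 64 bits; where size_t is 64 bits wide, kMaxSize equals the largest uint64_t, the comparison is always true, and the guard rests entirely on the stated assumption that the sum cannot wrap a uint64_t. The comment above `uint64_t result_size` should say so, for example `// With a 64-bit size_t the check below is trivially true; it protects targets with a narrower size_t.` The bound is also the size_t maximum rather than the string's own limit, so a total between `result.max_size()` and that maximum passes the check and is left for STLStringResizeUninitialized to reject, whose behaviour is not visible in this hunk; comparing against `result.max_size()` instead would give one uniform failure mode. JoinAlgorithm begins before the hunk and continues past it.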