check for integer overflows in more places, when adding elements to

smartlists. this could possibly prevent a buffer overflow on malicious
huge inputs. i don't see any, but i haven't looked carefully.


svn:r5695
Roger Dingledine 2006-01-02 04:40:18 +00:00
parent 0bd25f5d43
commit a45b131590


@ -79,33 +79,35 @@ smartlist_clear(smartlist_t *sl)
sl->num_used = 0; sl->num_used = 0;
} }
/** Append element to the end of the list. */ /** Make sure that <b>sl</b> can hold at least <b>size</b> entries. */
void static INLINE void
smartlist_add(smartlist_t *sl, void *element) smartlist_ensure_capacity(smartlist_t *sl, int size)
{ {
if (sl->num_used >= sl->capacity) { if (size > sl->capacity) {
int higher = sl->capacity * 2; int higher = sl->capacity * 2;
while (size > higher)
higher *= 2;
tor_assert(higher > sl->capacity); /* detect overflow */ tor_assert(higher > sl->capacity); /* detect overflow */
sl->capacity = higher; sl->capacity = higher;
sl->list = tor_realloc(sl->list, sizeof(void*)*sl->capacity); sl->list = tor_realloc(sl->list, sizeof(void*)*sl->capacity);
} }
}
/** Append element to the end of the list. */
void
smartlist_add(smartlist_t *sl, void *element)
{
smartlist_ensure_capacity(sl, sl->num_used+1);
sl->list[sl->num_used++] = element; sl->list[sl->num_used++] = element;
} }
/** Append each element from S2 to the end of S1. */ /** Append each element from S2 to the end of S1. */
void void
smartlist_add_all(smartlist_t *sl, const smartlist_t *s2) smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
{ {
int n2 = sl->num_used + s2->num_used; smartlist_ensure_capacity(s1, s1->num_used + s2->num_used);
if (n2 > sl->capacity) { memcpy(s1->list + s1->num_used, s2->list, s2->num_used*sizeof(void*));
int higher = sl->capacity * 2; s1->num_used += s2->num_used;
while (n2 > higher)
higher *= 2;
sl->capacity = higher;
sl->list = tor_realloc(sl->list, sizeof(void*)*sl->capacity);
}
memcpy(sl->list + sl->num_used, s2->list, s2->num_used*sizeof(void*));
sl->num_used += s2->num_used;
} }
/** Remove all elements E from sl such that E==element. Preserve /** Remove all elements E from sl such that E==element. Preserve
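Review bot: In smartlist_add_all the sum `s1->num_used + s2->num_used` is still computed by the caller, so if it overflows int the negative result fails the `size > sl->capacity` test in smartlist_ensure_capacity, no growth happens, and the following memcpy writes s2->num_used pointers past the end of the buffer — the very class of bug the commit sets out to close. The `tor_assert(higher > sl->capacity)` inside smartlist_ensure_capacity also only fires after `higher *= 2` has already overflowed, which for a signed int is undefined behaviour the optimizer may drop rather than wrap. Checking the operands before they overflow is more robust: in smartlist_add_all add `tor_assert(s2->num_used <= INT_MAX - s1->num_used);` ahead of the ensure_capacity call, and in the growth loop add `tor_assert(higher <= INT_MAX/2);` before each `higher *= 2`. The second hunk, in smartlist_insert, relies on the same helper and continues past the end of this view.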
@ -257,11 +259,7 @@ smartlist_insert(smartlist_t *sl, int idx, void *val)
if (idx == sl->num_used) { if (idx == sl->num_used) {
smartlist_add(sl, val); smartlist_add(sl, val);
} else { } else {
/* Ensure sufficient capacity */ smartlist_ensure_capacity(sl, sl->num_used+1);
if (sl->num_used >= sl->capacity) {
sl->capacity *= 2;
sl->list = tor_realloc(sl->list, sizeof(void*)*sl->capacity);
}
/* Move other elements away */ /* Move other elements away */
if (idx < sl->num_used) if (idx < sl->num_used)
memmove(sl->list + idx + 1, sl->list + idx, memmove(sl->list + idx + 1, sl->list + idx,