mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-10 21:23:58 +01:00
check for integer overflows in more places, when adding elements to
smartlists. this could possibly prevent a buffer overflow on malicious huge inputs. i don't see any, but i haven't looked carefully. svn:r5695
This commit is contained in:
parent
0bd25f5d43
commit
a45b131590
@ -79,33 +79,35 @@ smartlist_clear(smartlist_t *sl)
|
|||||||
sl->num_used = 0;
|
sl->num_used = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Append element to the end of the list. */
|
/** Make sure that <b>sl</b> can hold at least <b>size</b> entries. */
|
||||||
void
|
static INLINE void
|
||||||
smartlist_add(smartlist_t *sl, void *element)
|
smartlist_ensure_capacity(smartlist_t *sl, int size)
|
||||||
{
|
{
|
||||||
if (sl->num_used >= sl->capacity) {
|
if (size > sl->capacity) {
|
||||||
int higher = sl->capacity * 2;
|
int higher = sl->capacity * 2;
|
||||||
|
while (size > higher)
|
||||||
|
higher *= 2;
|
||||||
tor_assert(higher > sl->capacity); /* detect overflow */
|
tor_assert(higher > sl->capacity); /* detect overflow */
|
||||||
sl->capacity = higher;
|
sl->capacity = higher;
|
||||||
sl->list = tor_realloc(sl->list, sizeof(void*)*sl->capacity);
|
sl->list = tor_realloc(sl->list, sizeof(void*)*sl->capacity);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Append element to the end of the list. */
|
||||||
|
void
|
||||||
|
smartlist_add(smartlist_t *sl, void *element)
|
||||||
|
{
|
||||||
|
smartlist_ensure_capacity(sl, sl->num_used+1);
|
||||||
sl->list[sl->num_used++] = element;
|
sl->list[sl->num_used++] = element;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Append each element from S2 to the end of S1. */
|
/** Append each element from S2 to the end of S1. */
|
||||||
void
|
void
|
||||||
smartlist_add_all(smartlist_t *sl, const smartlist_t *s2)
|
smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
|
||||||
{
|
{
|
||||||
int n2 = sl->num_used + s2->num_used;
|
smartlist_ensure_capacity(s1, s1->num_used + s2->num_used);
|
||||||
if (n2 > sl->capacity) {
|
memcpy(s1->list + s1->num_used, s2->list, s2->num_used*sizeof(void*));
|
||||||
int higher = sl->capacity * 2;
|
s1->num_used += s2->num_used;
|
||||||
while (n2 > higher)
|
|
||||||
higher *= 2;
|
|
||||||
sl->capacity = higher;
|
|
||||||
sl->list = tor_realloc(sl->list, sizeof(void*)*sl->capacity);
|
|
||||||
}
|
|
||||||
memcpy(sl->list + sl->num_used, s2->list, s2->num_used*sizeof(void*));
|
|
||||||
sl->num_used += s2->num_used;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Remove all elements E from sl such that E==element. Preserve
|
/** Remove all elements E from sl such that E==element. Preserve
|
||||||
@ -257,11 +259,7 @@ smartlist_insert(smartlist_t *sl, int idx, void *val)
|
|||||||
if (idx == sl->num_used) {
|
if (idx == sl->num_used) {
|
||||||
smartlist_add(sl, val);
|
smartlist_add(sl, val);
|
||||||
} else {
|
} else {
|
||||||
/* Ensure sufficient capacity */
|
smartlist_ensure_capacity(sl, sl->num_used+1);
|
||||||
if (sl->num_used >= sl->capacity) {
|
|
||||||
sl->capacity *= 2;
|
|
||||||
sl->list = tor_realloc(sl->list, sizeof(void*)*sl->capacity);
|
|
||||||
}
|
|
||||||
/* Move other elements away */
|
/* Move other elements away */
|
||||||
if (idx < sl->num_used)
|
if (idx < sl->num_used)
|
||||||
memmove(sl->list + idx + 1, sl->list + idx,
|
memmove(sl->list + idx + 1, sl->list + idx,
|
||||||
|
Loading…
Reference in New Issue
Block a user