nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 13:13:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'public/bug4230' into maint-0.2.2

Browse Source
This commit is contained in:
Nick Mathewson 2011-11-23 16:22:26 -05:00
commit fbf1c5ee79
2 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
changes/bug4230 Normal file
View File

@ -0,0 +1,5 @@
o Minor bugfixes:
- Resolve an integer overflow bug in smartlist_ensure_capacity.
Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by
Mansour Moufid.

19
src/common/container.c
View File

@ -62,13 +62,22 @@ smartlist_clear(smartlist_t *sl)
static INLINE void static INLINE void
smartlist_ensure_capacity(smartlist_t *sl, int size) smartlist_ensure_capacity(smartlist_t *sl, int size)
{ {
#if SIZEOF_SIZE_T > SIZEOF_INT
#define MAX_CAPACITY (INT_MAX)
#else
#define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*))))
#endif
if (size > sl->capacity) { if (size > sl->capacity) {
int higher = sl->capacity * 2; int higher = sl->capacity;
while (size > higher) if (PREDICT_UNLIKELY(size > MAX_CAPACITY/2)) {
higher *= 2; tor_assert(size <= MAX_CAPACITY);
tor_assert(higher > 0); /* detect overflow */ higher = MAX_CAPACITY;
} else {
while (size > higher)
higher *= 2;
}
sl->capacity = higher; sl->capacity = higher;
sl->list = tor_realloc(sl->list, sizeof(void*)*sl->capacity); sl->list = tor_realloc(sl->list, sizeof(void*)*((size_t)sl->capacity));
} }
} }