commit 7f75f0df973a6dee679e93bd2d8cae23af81728f Author: George Kadianakis desnacked@riseup.net Date: Fri Jan 13 17:38:57 2012 +0200
Fix container.c:smartlist_ensure_capacity() overflow.
Fixes tor's bug #4230. --- src/container.c | 19 ++++++++++++++----- 1 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/src/container.c b/src/container.c index b66a819..e579e91 100644 --- a/src/container.c +++ b/src/container.c @@ -55,13 +55,22 @@ smartlist_clear(smartlist_t *sl) static inline void smartlist_ensure_capacity(smartlist_t *sl, int size) { +#if SIZEOF_SIZE_T > SIZEOF_INT +#define MAX_CAPACITY (INT_MAX) +#else +#define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*)))) +#endif if (size > sl->capacity) { - int higher = sl->capacity * 2; - while (size > higher) - higher *= 2; - obfs_assert(higher > 0); /* detect overflow */ + int higher = sl->capacity; + if (size > MAX_CAPACITY/2) { + obfs_assert(size <= MAX_CAPACITY); + higher = MAX_CAPACITY; + } else { + while (size > higher) + higher *= 2; + } sl->capacity = higher; - sl->list = xrealloc(sl->list, sizeof(void*)*sl->capacity); + sl->list = xrealloc(sl->list, sizeof(void*)*((size_t)sl->capacity)); } }