[tor-commits] [obfsproxy/master] Fix container.c:smartlist_ensure_capacity() overflow.

[nickm at torproject.org]

commit 7f75f0df973a6dee679e93bd2d8cae23af81728f
Author: George Kadianakis <desnacked at riseup.net>
Date:   Fri Jan 13 17:38:57 2012 +0200

    Fix container.c:smartlist_ensure_capacity() overflow.
    
    Fixes tor's bug #4230.
---
 src/container.c |   19 ++++++++++++++-----
 1 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/src/container.c b/src/container.c
index b66a819..e579e91 100644
--- a/src/container.c
+++ b/src/container.c
@@ -55,13 +55,22 @@ smartlist_clear(smartlist_t *sl)
 static inline void
 smartlist_ensure_capacity(smartlist_t *sl, int size)
 {
+#if SIZEOF_SIZE_T > SIZEOF_INT
+#define MAX_CAPACITY (INT_MAX)
+#else
+#define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*))))
+#endif
   if (size > sl->capacity) {
-    int higher = sl->capacity * 2;
-    while (size > higher)
-      higher *= 2;
-    obfs_assert(higher > 0); /* detect overflow */
+    int higher = sl->capacity;
+    if (size > MAX_CAPACITY/2) {
+      obfs_assert(size <= MAX_CAPACITY);
+      higher = MAX_CAPACITY;
+    } else {
+      while (size > higher)
+        higher *= 2;
+    }
     sl->capacity = higher;
-    sl->list = xrealloc(sl->list, sizeof(void*)*sl->capacity);
+    sl->list = xrealloc(sl->list, sizeof(void*)*((size_t)sl->capacity));
   }
 }