luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-01-27 22:46:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

garray: add overflow checks before expanding array

Browse Source 
We should bail when we detect that adding a number of items to an array
would cause it to overflow. Since we can't change to using gsize for ABI
reasons we should protect the integrity of the process even if that means
crashing.
This commit is contained in:
Christian Hergert 2018-07-23 21:05:11 -07:00
parent 4e1488eebb
commit 0c7dc75844
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
glib/garray.c
View File

@ -803,8 +803,14 @@ static void
g_array_maybe_expand (GRealArray *array,
guint len)
{
guint want_alloc = g_array_elt_len (array, array->len + len +
array->zero_terminated);
guint want_alloc;
/* Detect potential overflow */
if G_UNLIKELY ((G_MAXUINT - array->len) < len)
g_error ("adding %u to array would overflow", len);
want_alloc = g_array_elt_len (array, array->len + len +
array->zero_terminated);
if (want_alloc > array->alloc)
{
@ -1162,6 +1168,10 @@ static void
g_ptr_array_maybe_expand (GRealPtrArray *array,
gint len)
{
/* Detect potential overflow */
if G_UNLIKELY ((G_MAXUINT - array->len) < len)
g_error ("adding %u to array would overflow", len);
if ((array->len + len) > array->alloc)
{
guint old_alloc = array->alloc;