From 61ca2e4c8503762006eea18a6316e3b151d0bf92 Mon Sep 17 00:00:00 2001
From: Emmanuele Bassi
Date: Tue, 3 Jul 2018 15:55:24 +0100
Subject: [PATCH] Check for overflow when allocating RcBox
Since we're over-allocating the passed block size, we need to check that we're not overflowing gsize when computing the actual allocation size.
---
 glib/garcbox.c | 3 +--
 glib/grcbox.c | 10 +++++++---
 glib/grcboxprivate.h | 1 +
 3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/glib/garcbox.c b/glib/garcbox.c
index 4182e986e..25c806ef7 100644
--- a/glib/garcbox.c
+++ b/glib/garcbox.c
@@ -18,10 +18,9 @@
 #include "config.h"
-#include "grcbox.h"
+#include "grcboxprivate.h"
 #include "gmessages.h"
-#include "grcboxprivate.h"
 #include "grefcount.h"
 #ifdef ENABLE_VALGRIND
diff --git a/glib/grcbox.c b/glib/grcbox.c
index 5a4d87424..0629c1279 100644
--- a/glib/grcbox.c
+++ b/glib/grcbox.c
@@ -18,11 +18,11 @@
 #include "config.h"
-#include "grcbox.h"
+#include "grcboxprivate.h"
 #include "gmessages.h"
-#include "grcboxprivate.h"
 #include "grefcount.h"
+#include "gtestutils.h"
 #ifdef ENABLE_VALGRIND
 #include "valgrind.h"
@@ -173,9 +173,12 @@ g_rc_box_alloc_full (gsize block_size,
 {
 /* sizeof GArcBox == sizeof GRcBox */
 gsize private_size = G_ARC_BOX_SIZE;
-gsize real_size = private_size + block_size;
+gsize real_size;
 char *allocated;
+ g_assert (block_size < (G_MAXSIZE - G_ARC_BOX_SIZE));
 real_size = private_size + block_size;
+
 #ifdef ENABLE_VALGRIND
 if (RUNNING_ON_VALGRIND)
 {
@@ -185,6 +188,7 @@ g_rc_box_alloc_full (gsize block_size,
 * Valgrind to keep track of the over-allocation and not be
 * confused when passing the pointer around
 */
+      g_assert (private_size < (G_MAXSIZE - ALIGN_STRUCT (1)));
 private_size += ALIGN_STRUCT (1);
 if (clear)
diff --git a/glib/grcboxprivate.h b/glib/grcboxprivate.h
index 6599e4d4a..7504d9d95 100644
--- a/glib/grcboxprivate.h
+++ b/glib/grcboxprivate.h
@@ -1,6 +1,7 @@
 #pragma once
 #include "gtypes.h"
+#include "grcbox.h"
 G_BEGIN_DECLS
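Review bot: The new guard `g_assert (block_size < (G_MAXSIZE - G_ARC_BOX_SIZE));` in the `@@ -173,9 +173,12 @@` hunk is compiled out in builds that define G_DISABLE_ASSERT, so in exactly those builds the unchecked addition `real_size = private_size + block_size;` (rendered here without its `+` marker) that this commit sets out to fix comes back. block_size is caller-supplied and this is the allocation entry point, so the bound should hold independently of assertion settings, e.g. `if (G_UNLIKELY (block_size >= G_MAXSIZE - G_ARC_BOX_SIZE)) g_error ("block_size too large");`, since g_error aborts unconditionally. The signature of g_rc_box_alloc_full and the allocation calls that consume real_size are outside the hunk.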
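Review bot: The added `g_assert (private_size < (G_MAXSIZE - ALIGN_STRUCT (1)));` in the `@@ -185,6 +188,7 @@` hunk tests the wrong operand: private_size was initialised to the constant G_ARC_BOX_SIZE in the previous hunk and is nowhere near G_MAXSIZE, so the assertion is always true and the following `private_size += ALIGN_STRUCT (1);` is not what can wrap. The quantity at risk is the total allocation, because the first hunk's check still admits a block_size that makes real_size equal G_MAXSIZE - 1, and the Valgrind branch then enlarges the allocation by at least the bytes added here; a bound on the whole Valgrind-mode size such as `g_assert (block_size < (G_MAXSIZE - private_size - ALIGN_STRUCT (1)));` placed before the `+=` would cover that case. The g_malloc call that consumes these sizes lies outside the hunk, so the exact number of extra bytes cannot be confirmed from here.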