luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-03-28 02:20:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add stricter overflow protection from GArray to g_ptr_array_maybe_expand() too

Browse Source 
It might otherwise happen that the return value from g_nearest_pow()
does not fit into a guint, i.e. it might be G_MAXUINT + 1 if that fits
into a gsize.
This commit is contained in:
Sebastian Dröge 2021-11-25 14:11:29 +02:00
parent 5fcd2495f9
commit d01dc6d23a
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
glib/garray.c
View File

@ -1503,8 +1503,16 @@ static void
g_ptr_array_maybe_expand (GRealPtrArray *array,
guint len)
{
guint max_len;
/* The maximum array length is derived from following constraints:
* - The number of bytes must fit into a gsize / 2.
* - The number of elements must fit into guint.
*/
max_len = MIN (G_MAXSIZE / 2 / sizeof (gpointer), G_MAXUINT);
/* Detect potential overflow */
if G_UNLIKELY ((G_MAXUINT - array->len) < len)
if G_UNLIKELY ((max_len - array->len) < len)
g_error ("adding %u to array would overflow", len);
if ((array->len + len) > array->alloc)