mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2025-03-14 19:55:12 +01:00
Add stricter overflow protection from GArray to g_ptr_array_maybe_expand() too
It might otherwise happen that the return value from g_nearest_pow() does not fit into a guint, i.e. it might be G_MAXUINT + 1 if that fits into a gsize.
This commit is contained in:
parent
5fcd2495f9
commit
d01dc6d23a
@ -1503,8 +1503,16 @@ static void
|
||||
g_ptr_array_maybe_expand (GRealPtrArray *array,
|
||||
guint len)
|
||||
{
|
||||
guint max_len;
|
||||
|
||||
/* The maximum array length is derived from following constraints:
|
||||
* - The number of bytes must fit into a gsize / 2.
|
||||
* - The number of elements must fit into guint.
|
||||
*/
|
||||
max_len = MIN (G_MAXSIZE / 2 / sizeof (gpointer), G_MAXUINT);
|
||||
|
||||
/* Detect potential overflow */
|
||||
if G_UNLIKELY ((G_MAXUINT - array->len) < len)
|
||||
if G_UNLIKELY ((max_len - array->len) < len)
|
||||
g_error ("adding %u to array would overflow", len);
|
||||
|
||||
if ((array->len + len) > array->alloc)
|
||||
|
Loading…
x
Reference in New Issue
Block a user