mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2025-03-16 12:45:13 +01:00
Add stricter overflow protection from GArray to g_ptr_array_maybe_expand() too
It might otherwise happen that the return value from g_nearest_pow() does not fit into a guint, i.e. it might be G_MAXUINT + 1 if that fits into a gsize.
This commit is contained in:
parent
5fcd2495f9
commit
d01dc6d23a
@ -1503,8 +1503,16 @@ static void
|
|||||||
g_ptr_array_maybe_expand (GRealPtrArray *array,
|
g_ptr_array_maybe_expand (GRealPtrArray *array,
|
||||||
guint len)
|
guint len)
|
||||||
{
|
{
|
||||||
|
guint max_len;
|
||||||
|
|
||||||
|
/* The maximum array length is derived from following constraints:
|
||||||
|
* - The number of bytes must fit into a gsize / 2.
|
||||||
|
* - The number of elements must fit into guint.
|
||||||
|
*/
|
||||||
|
max_len = MIN (G_MAXSIZE / 2 / sizeof (gpointer), G_MAXUINT);
|
||||||
|
|
||||||
/* Detect potential overflow */
|
/* Detect potential overflow */
|
||||||
if G_UNLIKELY ((G_MAXUINT - array->len) < len)
|
if G_UNLIKELY ((max_len - array->len) < len)
|
||||||
g_error ("adding %u to array would overflow", len);
|
g_error ("adding %u to array would overflow", len);
|
||||||
|
|
||||||
if ((array->len + len) > array->alloc)
|
if ((array->len + len) > array->alloc)
|
||||||
|
Loading…
x
Reference in New Issue
Block a user