authorRoger Dingledine <arma@torproject.org>2006-01-02 04:40:18 +0000
committerRoger Dingledine <arma@torproject.org>2006-01-02 04:40:18 +0000
commita45b1315909c99005847bb8bd5c1876f7589fe60 (patch)
treef940add62c8e26bab9f7b20676cccad550800c18
parent0bd25f5d43f1f36d5ccdaaf6fa362d2c9ea0f4c4 (diff)
check for integer overflows in more places, when adding elements to
smartlists. this could possibly prevent a buffer overflow on malicious huge inputs. i don't see any, but i haven't looked carefully. svn:r5695
-rw-r--r--src/common/container.c38
1 files changed, 18 insertions, 20 deletions
diff --git a/src/common/container.c b/src/common/container.c
index afad890de..8f2fb6f73 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -79,33 +79,35 @@ smartlist_clear(smartlist_t *sl)
sl->num_used = 0;
}
-/** Append element to the end of the list. */
-void
-smartlist_add(smartlist_t *sl, void *element)
+/** Make sure that <b>sl</b> can hold at least <b>size</b> entries. */
+static INLINE void
+smartlist_ensure_capacity(smartlist_t *sl, int size)
{
- if (sl->num_used >= sl->capacity) {
+ if (size > sl->capacity) {
int higher = sl->capacity * 2;
+ while (size > higher)
+ higher *= 2;
tor_assert(higher > sl->capacity); /* detect overflow */
sl->capacity = higher;
sl->list = tor_realloc(sl->list, sizeof(void*)*sl->capacity);
}
+}
+
+/** Append element to the end of the list. */
+void
+smartlist_add(smartlist_t *sl, void *element)
+{
+ smartlist_ensure_capacity(sl, sl->num_used+1);
sl->list[sl->num_used++] = element;
}
/** Append each element from S2 to the end of S1. */
void
-smartlist_add_all(smartlist_t *sl, const smartlist_t *s2)
+smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
{
- int n2 = sl->num_used + s2->num_used;
- if (n2 > sl->capacity) {
- int higher = sl->capacity * 2;
- while (n2 > higher)
- higher *= 2;
- sl->capacity = higher;
- sl->list = tor_realloc(sl->list, sizeof(void*)*sl->capacity);
- }
- memcpy(sl->list + sl->num_used, s2->list, s2->num_used*sizeof(void*));
- sl->num_used += s2->num_used;
+ smartlist_ensure_capacity(s1, s1->num_used + s2->num_used);
+ memcpy(s1->list + s1->num_used, s2->list, s2->num_used*sizeof(void*));
+ s1->num_used += s2->num_used;
}
/** Remove all elements E from sl such that E==element. Preserve
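Review bot: The `tor_assert(higher > sl->capacity)` in `smartlist_ensure_capacity` checks for overflow only after `higher *= 2` has run; that doubling is signed arithmetic, so overflow is undefined behaviour, and if the value does wrap to zero or below, the `while (size > higher)` loop never exits to reach the assert. Nothing here bounds `sizeof(void*)*sl->capacity` either, which can wrap where `size_t` is 32 bits, and a `size` that already went negative in a caller (`s1->num_used + s2->num_used` in `smartlist_add_all`) skips the growth, so the following `memcpy` writes past the allocation. Checking the request before any arithmetic covers these cases, e.g. `tor_assert(size >= 0 && size <= INT_MAX / (int)sizeof(void*));` as the first statement of the helper, assuming `INT_MAX` from `<limits.h>` is visible in this file. The `smartlist_insert` hunk below calls the same helper and inherits the same behaviour.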
@@ -257,11 +259,7 @@ smartlist_insert(smartlist_t *sl, int idx, void *val)
if (idx == sl->num_used) {
smartlist_add(sl, val);
} else {
- /* Ensure sufficient capacity */
- if (sl->num_used >= sl->capacity) {
- sl->capacity *= 2;
- sl->list = tor_realloc(sl->list, sizeof(void*)*sl->capacity);
- }
+ smartlist_ensure_capacity(sl, sl->num_used+1);
/* Move other elements away */
if (idx < sl->num_used)
memmove(sl->list + idx + 1, sl->list + idx,