aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2013-05-09 13:14:53 -0400
committerNick Mathewson <nickm@torproject.org>2013-05-09 13:14:53 -0400
commitbae5dd6c8d4535360d471932b87431f54b515567 (patch)
tree058112f6a8343fab1544692beb534a383234b70a
parent7d3fd858388ddd4916c604ed5ab3c8cfc72dfd1c (diff)
parent96d3219176398f377dc4a1c84e14a54e7d2516df (diff)
downloadtor-bae5dd6c8d4535360d471932b87431f54b515567.tar.gz
tor-bae5dd6c8d4535360d471932b87431f54b515567.zip
Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
-rw-r--r--changes/bug88446
-rw-r--r--src/or/buffers.c3
-rw-r--r--src/test/test.c12
3 files changed, 20 insertions, 1 deletions
diff --git a/changes/bug8844 b/changes/bug8844
new file mode 100644
index 0000000000..320e5f2845
--- /dev/null
+++ b/changes/bug8844
@@ -0,0 +1,6 @@
+ o Major bugfixes:
+ - Prevent the get_freelists() function from running off the end of
+ the list of freelists if it somehow gets an unrecognized
+ allocation. Fixes bug 8844; bugfix on 0.2.0.16-alpha. Reported by
+ eugenis.
+
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 47fa31dc07..d063d23135 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -148,7 +148,8 @@ static INLINE chunk_freelist_t *
get_freelist(size_t alloc)
{
int i;
- for (i=0; freelists[i].alloc_size <= alloc; ++i) {
+ for (i=0; (freelists[i].alloc_size <= alloc &&
+ freelists[i].alloc_size); ++i ) {
if (freelists[i].alloc_size == alloc) {
return &freelists[i];
}
diff --git a/src/test/test.c b/src/test/test.c
index c12ba93d79..0e48533978 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -813,6 +813,18 @@ test_buffers(void)
buf_free(buf);
buf = NULL;
+ /* Try adding a string too long for any freelist. */
+ {
+ char *cp = tor_malloc_zero(65536);
+ buf = buf_new();
+ write_to_buf(cp, 65536, buf);
+ tor_free(cp);
+
+ tt_int_op(buf_datalen(buf), ==, 65536);
+ buf_free(buf);
+ buf = NULL;
+ }
+
done:
if (buf)
buf_free(buf);