authorNick Mathewson <nickm@torproject.org>2011-11-23 16:28:18 -0500
committerNick Mathewson <nickm@torproject.org>2011-11-23 16:28:18 -0500
commit3890c81e7c4eaa3350fe569dbc2fbf97e824e4c0 (patch)
tree7238babedd6c1562d746255e65d7d471782d8bb8
parent281aa2e237586a1086c3f589ed35a74eda4f1a27 (diff)
parentfbf1c5ee79490577ec0b8c68338ba4f872e993b4 (diff)
Merge remote-tracking branch 'origin/maint-0.2.2'
-rw-r--r--changes/bug42305
-rw-r--r--src/common/container.c19
2 files changed, 19 insertions, 5 deletions
diff --git a/changes/bug4230 b/changes/bug4230
new file mode 100644
index 0000000000..c1ba5847fc
--- /dev/null
+++ b/changes/bug4230
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Resolve an integer overflow bug in smartlist_ensure_capacity.
+ Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by
+ Mansour Moufid.
+
diff --git a/src/common/container.c b/src/common/container.c
index 92bfd2ec89..31cc6c5a6c 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -62,13 +62,22 @@ smartlist_clear(smartlist_t *sl)
static INLINE void
smartlist_ensure_capacity(smartlist_t *sl, int size)
{
+#if SIZEOF_SIZE_T > SIZEOF_INT
+#define MAX_CAPACITY (INT_MAX)
+#else
+#define MAX_CAPACITY (int)((SIZE_MAX / (sizeof(void*))))
+#endif
if (size > sl->capacity) {
- int higher = sl->capacity * 2;
- while (size > higher)
- higher *= 2;
- tor_assert(higher > 0); /* detect overflow */
+ int higher = sl->capacity;
+ if (PREDICT_UNLIKELY(size > MAX_CAPACITY/2)) {
+ tor_assert(size <= MAX_CAPACITY);
+ higher = MAX_CAPACITY;
+ } else {
+ while (size > higher)
+ higher *= 2;
+ }
sl->capacity = higher;
- sl->list = tor_realloc(sl->list, sizeof(void*)*sl->capacity);
+ sl->list = tor_realloc(sl->list, sizeof(void*)*((size_t)sl->capacity));
}
}
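Review bot: The doubling loop in the `else` branch is safe only because of two invariants that the new code neither states nor checks: `higher < size <= MAX_CAPACITY/2` holds before every `higher *= 2`, and `sl->capacity` is positive on entry. The hunk does not show where the capacity is initialised, so this is inferred, but a zero capacity would leave `higher` at 0 and the loop would never terminate. I would add `tor_assert(sl->capacity > 0);` before the loop and a comment such as `/* higher < size <= MAX_CAPACITY/2 here, so doubling cannot overflow */`. Separately, `MAX_CAPACITY` is defined inside the function and stays defined for the rest of the file, and its second definition has no outer parentheses; wrapping it as `((int)(SIZE_MAX / sizeof(void*)))` and adding `#undef MAX_CAPACITY` after the closing brace would keep it contained.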