summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBjörn Svensson <bjorn.a.svensson@est.tech>2022-02-01 14:48:42 +0100
committerBjörn Svensson <bjorn.a.svensson@est.tech>2022-02-01 18:34:38 +0100
commit64062a1d40f558e0892ed0a7566d389c4e6eb904 (patch)
treeaa4beab72dc55d8edd889ac870f586fbbcc6628f
parent066c6de79e03a54966cffc83aca0a724155005f2 (diff)
Catch size_t overflows in sds.c
Equivalent changes introduced to redis sds.c via: https://github.com/redis/redis/pull/8522 https://github.com/redis/redis/pull/9584
Diffstat
-rw-r--r--sds.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/sds.c b/sds.c
index d386140..01b00f3 100644
--- a/sds.c
+++ b/sds.c
@@ -90,6 +90,7 @@ sds sdsnewlen(const void *init, size_t initlen) {
int hdrlen = sdsHdrSize(type);
unsigned char *fp; /* flags pointer. */
+ assert(initlen + hdrlen + 1 > initlen); /* Catch size_t overflow */
sh = s_malloc(hdrlen+initlen+1);
if (sh == NULL) return NULL;
if (!init)
@@ -196,7 +197,7 @@ void sdsclear(sds s) {
sds sdsMakeRoomFor(sds s, size_t addlen) {
void *sh, *newsh;
size_t avail = sdsavail(s);
- size_t len, newlen;
+ size_t len, newlen, reqlen;
char type, oldtype = s[-1] & SDS_TYPE_MASK;
int hdrlen;
@@ -205,7 +206,8 @@ sds sdsMakeRoomFor(sds s, size_t addlen) {
len = sdslen(s);
sh = (char*)s-sdsHdrSize(oldtype);
- newlen = (len+addlen);
+ reqlen = newlen = (len+addlen);
+ assert(newlen > len); /* Catch size_t overflow */
if (newlen < SDS_MAX_PREALLOC)
newlen *= 2;
else
@@ -219,6 +221,7 @@ sds sdsMakeRoomFor(sds s, size_t addlen) {
if (type == SDS_TYPE_5) type = SDS_TYPE_8;
hdrlen = sdsHdrSize(type);
+ assert(hdrlen + newlen + 1 > reqlen); /* Catch size_t overflow */
if (oldtype==type) {
newsh = s_realloc(sh, hdrlen+newlen+1);
if (newsh == NULL) return NULL;
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 22:30:43 +0000