summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sds.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/sds.c b/sds.c
index 35baa05..a20ba19 100644
--- a/sds.c
+++ b/sds.c
@@ -90,6 +90,7 @@ sds sdsnewlen(const void *init, size_t initlen) {
int hdrlen = sdsHdrSize(type);
unsigned char *fp; /* flags pointer. */
+ if (hdrlen+initlen+1 <= initlen) return NULL; /* Catch size_t overflow */
sh = s_malloc(hdrlen+initlen+1);
if (sh == NULL) return NULL;
if (!init)
@@ -174,7 +175,7 @@ void sdsfree(sds s) {
* the output will be "6" as the string was modified but the logical length
* remains 6 bytes. */
void sdsupdatelen(sds s) {
- int reallen = strlen(s);
+ size_t reallen = strlen(s);
sdssetlen(s, reallen);
}
@@ -196,7 +197,7 @@ void sdsclear(sds s) {
sds sdsMakeRoomFor(sds s, size_t addlen) {
void *sh, *newsh;
size_t avail = sdsavail(s);
- size_t len, newlen;
+ size_t len, newlen, reqlen;
char type, oldtype = s[-1] & SDS_TYPE_MASK;
int hdrlen;
@@ -205,7 +206,8 @@ sds sdsMakeRoomFor(sds s, size_t addlen) {
len = sdslen(s);
sh = (char*)s-sdsHdrSize(oldtype);
- newlen = (len+addlen);
+ reqlen = newlen = (len+addlen);
+ if (newlen <= len) return NULL; /* Catch size_t overflow */
if (newlen < SDS_MAX_PREALLOC)
newlen *= 2;
else
@@ -219,6 +221,7 @@ sds sdsMakeRoomFor(sds s, size_t addlen) {
if (type == SDS_TYPE_5) type = SDS_TYPE_8;
hdrlen = sdsHdrSize(type);
+ if (hdrlen+newlen+1 <= reqlen) return NULL; /* Catch size_t overflow */
if (oldtype==type) {
newsh = s_realloc(sh, hdrlen+newlen+1);
if (newsh == NULL) return NULL;
@@ -580,7 +583,7 @@ sds sdscatprintf(sds s, const char *fmt, ...) {
*/
sds sdscatfmt(sds s, char const *fmt, ...) {
const char *f = fmt;
- int i;
+ long i;
va_list ap;
va_start(ap,fmt);
@@ -755,14 +758,14 @@ int sdsrange(sds s, ssize_t start, ssize_t end) {
/* Apply tolower() to every character of the sds string 's'. */
void sdstolower(sds s) {
- int len = sdslen(s), j;
+ size_t len = sdslen(s), j;
for (j = 0; j < len; j++) s[j] = tolower(s[j]);
}
/* Apply toupper() to every character of the sds string 's'. */
void sdstoupper(sds s) {
- int len = sdslen(s), j;
+ size_t len = sdslen(s), j;
for (j = 0; j < len; j++) s[j] = toupper(s[j]);
}