diff options
author | jan.nijtmans <nijtmans@users.sourceforge.net> | 2022-03-15 15:26:24 (GMT) |
---|---|---|
committer | jan.nijtmans <nijtmans@users.sourceforge.net> | 2022-03-15 15:26:24 (GMT) |
commit | c698498d6dea2e7b6507e0a2b724c4fb7da502b1 (patch) | |
tree | 2ad8ebaadbb24145b469e39a5050477514127825 /generic/tclBinary.c | |
parent | fb115db64ceb2b31b68345ef5fa6a0c2442cab8e (diff) | |
parent | 9daf0e2a9975554c4473e2233f05dac5131ff6cf (diff) | |
download | tcl-c698498d6dea2e7b6507e0a2b724c4fb7da502b1.zip tcl-c698498d6dea2e7b6507e0a2b724c4fb7da502b1.tar.gz tcl-c698498d6dea2e7b6507e0a2b724c4fb7da502b1.tar.bz2 |
Merge 9.0
Diffstat (limited to 'generic/tclBinary.c')
-rw-r--r-- | generic/tclBinary.c | 42 |
1 files changed, 22 insertions, 20 deletions
diff --git a/generic/tclBinary.c b/generic/tclBinary.c index 8a5e033..65e9f6c 100644 --- a/generic/tclBinary.c +++ b/generic/tclBinary.c @@ -183,7 +183,9 @@ typedef struct { } ByteArray; #define BYTEARRAY_SIZE(len) \ - (offsetof(ByteArray, bytes) + (len)) + ( (offsetof(ByteArray, bytes) + (len) < offsetof(ByteArray, bytes)) \ + ? (Tcl_Panic("max size of a Tcl value exceeded"), 0) \ + : (offsetof(ByteArray, bytes) + (len)) ) #define GET_BYTEARRAY(irPtr) ((ByteArray *) (irPtr)->twoPtrValue.ptr1) #define SET_BYTEARRAY(irPtr, baPtr) \ (irPtr)->twoPtrValue.ptr1 = (baPtr) @@ -714,7 +716,7 @@ UpdateStringOfByteArray( for (i = 0; i < length; i++) { if ((src[i] == 0) || (src[i] > 127)) { - size += 1U; + size++; } } @@ -785,31 +787,28 @@ TclAppendBytesToByteArray( } byteArrayPtr = GET_BYTEARRAY(irPtr); - /* Size limit check now commented out. Used to protect calls to - * Tcl_*Alloc*() limited by unsigned int arguments. - * - if (len > UINT_MAX - byteArrayPtr->used) { - Tcl_Panic("max size for a Tcl value (%u bytes) exceeded", UINT_MAX); - } - * - */ - - needed = byteArrayPtr->used + len; /* * If we need to, resize the allocated space in the byte array. */ + needed = byteArrayPtr->used + len; + if (needed < byteArrayPtr->used) { + /* Wrapped around SIZE_MAX!! */ + Tcl_Panic("max size of a Tcl value exceeded"); + } if (needed > byteArrayPtr->allocated) { ByteArray *ptr = NULL; - size_t attempt; - if (needed <= INT_MAX/2) { - /* - * Try to allocate double the total space that is needed. - */ + /* + * Try to allocate double the total space that is needed. + */ - attempt = 2 * needed; - ptr = (ByteArray *)Tcl_AttemptRealloc(byteArrayPtr, BYTEARRAY_SIZE(attempt)); + size_t attempt = 2 * needed; + + /* Protection just in case we wrapped around SIZE_MAX */ + if (attempt >= needed) { + ptr = (ByteArray *) Tcl_AttemptRealloc(byteArrayPtr, + BYTEARRAY_SIZE(attempt)); } if (ptr == NULL) { /* @@ -817,7 +816,10 @@ TclAppendBytesToByteArray( */ attempt = needed + len + TCL_MIN_GROWTH; - ptr = (ByteArray *)Tcl_AttemptRealloc(byteArrayPtr, BYTEARRAY_SIZE(attempt)); + if (attempt >= needed) { + ptr = (ByteArray *) Tcl_AttemptRealloc(byteArrayPtr, + BYTEARRAY_SIZE(attempt)); + } } if (ptr == NULL) { /* |