diff options
Diffstat (limited to 'generic/tclThreadAlloc.c')
-rwxr-xr-x | generic/tclThreadAlloc.c | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/generic/tclThreadAlloc.c b/generic/tclThreadAlloc.c index 0850d66..e32ad84 100755 --- a/generic/tclThreadAlloc.c +++ b/generic/tclThreadAlloc.c @@ -11,7 +11,7 @@ * See the file "license.terms" for information on usage and redistribution of * this file, and for a DISCLAIMER OF ALL WARRANTIES. * - * RCS: @(#) $Id: tclThreadAlloc.c,v 1.27 2008/03/20 09:49:16 dkf Exp $ + * RCS: @(#) $Id: tclThreadAlloc.c,v 1.27.2.1 2009/09/29 04:43:59 dgp Exp $ */ #include "tclInt.h" @@ -288,11 +288,23 @@ char * TclpAlloc( unsigned int reqSize) { - Cache *cachePtr = TclpGetAllocCache(); + Cache *cachePtr; Block *blockPtr; register int bucket; size_t size; + if (sizeof(int) >= sizeof(size_t)) { + /* An unsigned int overflow can also be a size_t overflow */ + const size_t zero = 0; + const size_t max = ~zero; + + if (((size_t) reqSize) > max - sizeof(Block) - RCHECK) { + /* Requested allocation exceeds memory */ + return NULL; + } + } + + cachePtr = TclpGetAllocCache(); if (cachePtr == NULL) { cachePtr = GetCache(); } @@ -414,7 +426,7 @@ TclpRealloc( char *ptr, unsigned int reqSize) { - Cache *cachePtr = TclpGetAllocCache(); + Cache *cachePtr; Block *blockPtr; void *newPtr; size_t size, min; @@ -424,6 +436,18 @@ TclpRealloc( return TclpAlloc(reqSize); } + if (sizeof(int) >= sizeof(size_t)) { + /* An unsigned int overflow can also be a size_t overflow */ + const size_t zero = 0; + const size_t max = ~zero; + + if (((size_t) reqSize) > max - sizeof(Block) - RCHECK) { + /* Requested allocation exceeds memory */ + return NULL; + } + } + + cachePtr = TclpGetAllocCache(); if (cachePtr == NULL) { cachePtr = GetCache(); } |