Commit 0c7dc758 authored by Christian Hergert's avatar Christian Hergert

garray: add overflow checks before expanding array

We should bail when we detect that adding a number of items to an array
would cause it to overflow. Since we can't change to using gsize for ABI
reasons we should protect the integrity of the process even if that means
crashing.
parent 4e1488ee
Pipeline #21050 passed with stages
in 10 minutes and 3 seconds
......@@ -803,8 +803,14 @@ static void
g_array_maybe_expand (GRealArray *array,
guint len)
{
guint want_alloc = g_array_elt_len (array, array->len + len +
array->zero_terminated);
guint want_alloc;
/* Detect potential overflow */
if G_UNLIKELY ((G_MAXUINT - array->len) < len)
g_error ("adding %u to array would overflow", len);
want_alloc = g_array_elt_len (array, array->len + len +
array->zero_terminated);
if (want_alloc > array->alloc)
{
......@@ -1162,6 +1168,10 @@ static void
g_ptr_array_maybe_expand (GRealPtrArray *array,
gint len)
{
/* Detect potential overflow */
if G_UNLIKELY ((G_MAXUINT - array->len) < len)
g_error ("adding %u to array would overflow", len);
if ((array->len + len) > array->alloc)
{
guint old_alloc = array->alloc;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment