diff options
author | Christian Grothoff <christian@grothoff.org> | 2013-11-28 09:16:38 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2013-11-28 09:16:38 +0000 |
commit | 2c771abfa30534aaa7435281d817f643548aedf7 (patch) | |
tree | d9a4506ca58e9a8b1510757156f9d729f0a1800a | |
parent | 76e66153b5cf7d0c245d7e8ea25c48a08ce867c2 (diff) | |
download | libmicrohttpd-2c771abfa30534aaa7435281d817f643548aedf7.tar.gz libmicrohttpd-2c771abfa30534aaa7435281d817f643548aedf7.zip |
-fix theoretical overflow issue reported by Florian Weimer
-rw-r--r-- | src/microhttpd/memorypool.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/src/microhttpd/memorypool.c b/src/microhttpd/memorypool.c index 143f10a8..f0115328 100644 --- a/src/microhttpd/memorypool.c +++ b/src/microhttpd/memorypool.c | |||
@@ -90,7 +90,7 @@ MHD_pool_create (size_t max) | |||
90 | 90 | ||
91 | pool = malloc (sizeof (struct MemoryPool)); | 91 | pool = malloc (sizeof (struct MemoryPool)); |
92 | if (pool == NULL) | 92 | if (pool == NULL) |
93 | return NULL; | 93 | return NULL; |
94 | #ifdef MAP_ANONYMOUS | 94 | #ifdef MAP_ANONYMOUS |
95 | if (max <= 32 * 1024) | 95 | if (max <= 32 * 1024) |
96 | pool->memory = MAP_FAILED; | 96 | pool->memory = MAP_FAILED; |
@@ -151,12 +151,14 @@ MHD_pool_destroy (struct MemoryPool *pool) | |||
151 | * bytes | 151 | * bytes |
152 | */ | 152 | */ |
153 | void * | 153 | void * |
154 | MHD_pool_allocate (struct MemoryPool *pool, | 154 | MHD_pool_allocate (struct MemoryPool *pool, |
155 | size_t size, int from_end) | 155 | size_t size, int from_end) |
156 | { | 156 | { |
157 | void *ret; | 157 | void *ret; |
158 | 158 | ||
159 | size = ROUND_TO_ALIGN (size); | 159 | size = ROUND_TO_ALIGN (size); |
160 | if (0 == size) | ||
161 | return NULL; /* size too close to SIZE_MAX */ | ||
160 | if ((pool->pos + size > pool->end) || (pool->pos + size < pool->pos)) | 162 | if ((pool->pos + size > pool->end) || (pool->pos + size < pool->pos)) |
161 | return NULL; | 163 | return NULL; |
162 | if (from_end == MHD_YES) | 164 | if (from_end == MHD_YES) |
@@ -192,13 +194,15 @@ MHD_pool_allocate (struct MemoryPool *pool, | |||
192 | */ | 194 | */ |
193 | void * | 195 | void * |
194 | MHD_pool_reallocate (struct MemoryPool *pool, | 196 | MHD_pool_reallocate (struct MemoryPool *pool, |
195 | void *old, | 197 | void *old, |
196 | size_t old_size, | 198 | size_t old_size, |
197 | size_t new_size) | 199 | size_t new_size) |
198 | { | 200 | { |
199 | void *ret; | 201 | void *ret; |
200 | 202 | ||
201 | new_size = ROUND_TO_ALIGN (new_size); | 203 | new_size = ROUND_TO_ALIGN (new_size); |
204 | if (0 == new_size) | ||
205 | return NULL; /* size too close to SIZE_MAX */ | ||
202 | if ((pool->end < old_size) || (pool->end < new_size)) | 206 | if ((pool->end < old_size) || (pool->end < new_size)) |
203 | return NULL; /* unsatisfiable or bogus request */ | 207 | return NULL; /* unsatisfiable or bogus request */ |
204 | 208 | ||
@@ -242,8 +246,8 @@ MHD_pool_reallocate (struct MemoryPool *pool, | |||
242 | * @return addr new address of @a keep (if it had to change) | 246 | * @return addr new address of @a keep (if it had to change) |
243 | */ | 247 | */ |
244 | void * | 248 | void * |
245 | MHD_pool_reset (struct MemoryPool *pool, | 249 | MHD_pool_reset (struct MemoryPool *pool, |
246 | void *keep, | 250 | void *keep, |
247 | size_t size) | 251 | size_t size) |
248 | { | 252 | { |
249 | size = ROUND_TO_ALIGN (size); | 253 | size = ROUND_TO_ALIGN (size); |