comparison mercurial/parsers.c @ 24623:2262d7bc469e
parsers: check for memory allocation overflows more carefully
author | Bryan O'Sullivan <bryano@fb.com> |
---|---|
date | Mon, 06 Apr 2015 08:23:27 -0700 |
parents | 1e05f11619bb |
children | f2fd087a75ef |
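--- a/mercurial/parsers.c
+++ b/mercurial/parsers.c
@@ -1317,10 +1317,15 @@
 }
 
 static int nt_new(indexObject *self)
 {
 if (self->ntlength == self->ntcapacity) {
+if (self->ntcapacity >= INT_MAX / (sizeof(nodetree) * 2)) {
+PyErr_SetString(PyExc_MemoryError,
+"overflow in nt_new");
+return -1;
+}
 self->ntcapacity *= 2;
 self->nt = realloc(self->nt,
 self->ntcapacity * sizeof(nodetree));
 if (self->nt == NULL) {
 PyErr_SetString(PyExc_MemoryError, "out of memory");
@@ -1378,11 +1383,11 @@
 }
 
 static int nt_init(indexObject *self)
 {
 if (self->nt == NULL) {
-if (self->raw_length > INT_MAX) {
+if (self->raw_length > INT_MAX / sizeof(nodetree)) {
 PyErr_SetString(PyExc_ValueError, "overflow in nt_init");
 return -1;
 }
 self->ntcapacity = self->raw_length < 4
 ? 4 : (int)self->raw_length / 2;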
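Review bot: In nt_new the result of realloc() is still assigned straight to `self->nt` after `self->ntcapacity` has already been doubled, so a failed allocation loses the only pointer to the old node tree (leaking it) and leaves the capacity field describing memory that was never obtained. The new overflow guard does not cover this path. Reallocate into a temporary, `newnt = realloc(self->nt, self->ntcapacity * 2 * sizeof(nodetree));`, return the MemoryError if `newnt == NULL`, and only then store `self->nt = newnt;` and double `self->ntcapacity`. The error branch and the rest of nt_new lie outside the hunk, so whether later code tolerates a NULL `self->nt` with a non-zero capacity cannot be confirmed from here. Separately, the overflow case raises MemoryError in nt_new but ValueError in nt_init; one type for both would be consistent.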