Mercurial > hg
comparison mercurial/parsers.c @ 24623:2262d7bc469e
parsers: check for memory allocation overflows more carefully
| author | Bryan O'Sullivan <bryano@fb.com> |
|---|---|
| date | Mon, 06 Apr 2015 08:23:27 -0700 |
| parents | 1e05f11619bb |
| children | f2fd087a75ef |
comparison
equal
deleted
inserted
replaced
| 24622:1e05f11619bb | 24623:2262d7bc469e |
|---|---|
| 1317 } | 1317 } |
| 1318 | 1318 |
| 1319 static int nt_new(indexObject *self) | 1319 static int nt_new(indexObject *self) |
| 1320 { | 1320 { |
| 1321 if (self->ntlength == self->ntcapacity) { | 1321 if (self->ntlength == self->ntcapacity) { |
| 1322 if (self->ntcapacity >= INT_MAX / (sizeof(nodetree) * 2)) { | |
| 1323 PyErr_SetString(PyExc_MemoryError, | |
| 1324 "overflow in nt_new"); | |
| 1325 return -1; | |
| 1326 } | |
| 1322 self->ntcapacity *= 2; | 1327 self->ntcapacity *= 2; |
| 1323 self->nt = realloc(self->nt, | 1328 self->nt = realloc(self->nt, |
| 1324 self->ntcapacity * sizeof(nodetree)); | 1329 self->ntcapacity * sizeof(nodetree)); |
| 1325 if (self->nt == NULL) { | 1330 if (self->nt == NULL) { |
| 1326 PyErr_SetString(PyExc_MemoryError, "out of memory"); | 1331 PyErr_SetString(PyExc_MemoryError, "out of memory"); |
| 1378 } | 1383 } |
| 1379 | 1384 |
| 1380 static int nt_init(indexObject *self) | 1385 static int nt_init(indexObject *self) |
| 1381 { | 1386 { |
| 1382 if (self->nt == NULL) { | 1387 if (self->nt == NULL) { |
| 1383 if (self->raw_length > INT_MAX) { | 1388 if (self->raw_length > INT_MAX / sizeof(nodetree)) { |
| 1384 PyErr_SetString(PyExc_ValueError, "overflow in nt_init"); | 1389 PyErr_SetString(PyExc_ValueError, "overflow in nt_init"); |
| 1385 return -1; | 1390 return -1; |
| 1386 } | 1391 } |
| 1387 self->ntcapacity = self->raw_length < 4 | 1392 self->ntcapacity = self->raw_length < 4 |
| 1388 ? 4 : (int)self->raw_length / 2; | 1393 ? 4 : (int)self->raw_length / 2; |