ShuriZma
/
xqemu
mirror of https://github.com/xqemu/xqemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

qstring: Assert size calculations don't overflow 

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20180727062204.10401-2-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
This commit is contained in:
Markus Armbruster 2018-07-27 08:22:03 +02:00
parent ad63c549ec
commit b65ab77b3a
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
qobject/qstring.c
View File

@ -41,17 +41,19 @@ QString *qstring_from_substr(const char *str, size_t start, size_t end)
{ {
QString *qstring; QString *qstring;
assert(start <= end + 1);
qstring = g_malloc(sizeof(*qstring)); qstring = g_malloc(sizeof(*qstring));
qobject_init(QOBJECT(qstring), QTYPE_QSTRING); qobject_init(QOBJECT(qstring), QTYPE_QSTRING);
qstring->length = end - start + 1; qstring->length = end - start + 1;
qstring->capacity = qstring->length; qstring->capacity = qstring->length;
assert(qstring->capacity < SIZE_MAX);
qstring->string = g_malloc(qstring->capacity + 1); qstring->string = g_malloc(qstring->capacity + 1);
memcpy(qstring->string, str + start, qstring->length); memcpy(qstring->string, str + start, qstring->length);
qstring->string[qstring->length] = 0; qstring->string[qstring->length] = 0;
return qstring; return qstring;
} }
@ -68,7 +70,9 @@ QString *qstring_from_str(const char *str)
static void capacity_increase(QString *qstring, size_t len) static void capacity_increase(QString *qstring, size_t len)
{ {
if (qstring->capacity < (qstring->length + len)) { if (qstring->capacity < (qstring->length + len)) {
assert(len <= SIZE_MAX - qstring->capacity);
qstring->capacity += len; qstring->capacity += len;
assert(qstring->capacity <= SIZE_MAX / 2);
qstring->capacity *= 2; /* use exponential growth */ qstring->capacity *= 2; /* use exponential growth */
qstring->string = g_realloc(qstring->string, qstring->capacity + 1); qstring->string = g_realloc(qstring->string, qstring->capacity + 1);