mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 05:57:52 +00:00
Code Issues Releases Wiki Activity

Check for overflow when resizing a heap

Browse Source 
Ensure that the heap size calculations produce the correct answers,
and use `isc_mem_reget()` instead of calling `get` and `put`.

Closes #4122
This commit is contained in:
Tony Finch 2023-06-06 15:24:02 +01:00 committed by Ondřej Surý
parent 14f5b79c74
commit e2eaefbf7a
No known key found for this signature in database
GPG Key ID: 2820F37E873DEA41
1 changed files with 8 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
lib/isc/heap.c
View File

@ -26,6 +26,7 @@
#include <isc/heap.h>
#include <isc/magic.h>
#include <isc/mem.h>
#include <isc/overflow.h>
#include <isc/string.h> /* Required for memmove. */
#include <isc/util.h>
@ -123,20 +124,17 @@ isc_heap_destroy(isc_heap_t **heapp) {
static void
resize(isc_heap_t *heap) {
void **new_array;
unsigned int new_size;
unsigned int new_size, new_bytes, old_bytes;
REQUIRE(VALID_HEAP(heap));
new_size = heap->size + heap->size_increment;
new_array = isc_mem_get(heap->mctx, new_size * sizeof(void *));
if (heap->array != NULL) {
memmove(new_array, heap->array, heap->size * sizeof(void *));
isc_mem_put(heap->mctx, heap->array,
heap->size * sizeof(void *));
}
new_size = ISC_CHECKED_ADD(heap->size, heap->size_increment);
new_bytes = ISC_CHECKED_MUL(new_size, sizeof(void *));
old_bytes = ISC_CHECKED_MUL(heap->size, sizeof(void *));
heap->size = new_size;
heap->array = new_array;
heap->array = isc_mem_reget(heap->mctx, heap->array, old_bytes,
new_bytes);
}
static void