From f227e90c248b37fe50c9e48a08a1bb976c782e9f Mon Sep 17 00:00:00 2001 From: michi_cc Date: Fri, 2 Sep 2011 20:54:51 +0000 Subject: (svn r22875) -Codechange: Add some asserts and checks to better prevent overflow of the argument to malloc. (monoid) --- src/core/alloc_func.hpp | 10 +++++++++- src/misc/binaryheap.hpp | 2 ++ src/misc/blob.hpp | 1 + src/misc/fixedsizearray.hpp | 3 +++ src/pathfinder/npf/queue.cpp | 3 +++ src/stdafx.h | 4 ++++ 6 files changed, 22 insertions(+), 1 deletion(-) diff --git a/src/core/alloc_func.hpp b/src/core/alloc_func.hpp index 6f70627ed..7bd09b004 100644 --- a/src/core/alloc_func.hpp +++ b/src/core/alloc_func.hpp @@ -42,6 +42,9 @@ static FORCEINLINE T *MallocT(size_t num_elements) */ if (num_elements == 0) return NULL; + /* Ensure the size does not overflow. */ + if (num_elements > SIZE_MAX / sizeof(T)) MallocError(SIZE_MAX); + T *t_ptr = (T*)malloc(num_elements * sizeof(T)); if (t_ptr == NULL) MallocError(num_elements * sizeof(T)); return t_ptr; @@ -96,12 +99,17 @@ static FORCEINLINE T *ReallocT(T *t_ptr, size_t num_elements) return NULL; } + /* Ensure the size does not overflow. */ + if (num_elements > SIZE_MAX / sizeof(T)) MallocError(SIZE_MAX); + t_ptr = (T*)realloc(t_ptr, num_elements * sizeof(T)); if (t_ptr == NULL) ReallocError(num_elements * sizeof(T)); return t_ptr; } /** alloca() has to be called in the parent function, so define AllocaM() as a macro */ -#define AllocaM(T, num_elements) ((T*)alloca((num_elements) * sizeof(T))) +#define AllocaM(T, num_elements) \ + ((num_elements) > SIZE_MAX / sizeof(T) && (MallocError(SIZE_MAX), NULL), \ + (T*)alloca((num_elements) * sizeof(T))) #endif /* ALLOC_FUNC_HPP */ diff --git a/src/misc/binaryheap.hpp b/src/misc/binaryheap.hpp index 76f93371e..55730a2ce 100644 --- a/src/misc/binaryheap.hpp +++ b/src/misc/binaryheap.hpp @@ -204,6 +204,8 @@ public: FORCEINLINE void Include(T *new_item) { if (this->IsFull()) { + assert(this->capacity < UINT_MAX / 2); + this->capacity *= 2; this->data = ReallocT(this->data, this->capacity + 1); } diff --git a/src/misc/blob.hpp b/src/misc/blob.hpp index bd83904ea..94459a365 100644 --- a/src/misc/blob.hpp +++ b/src/misc/blob.hpp @@ -260,6 +260,7 @@ public: if (Capacity() >= new_size) return; /* calculate minimum block size we need to allocate * and ask allocation policy for some reasonable block size */ + assert(new_size < SIZE_MAX - header_size - tail_reserve); new_size = AllocPolicy(header_size + new_size + tail_reserve); /* allocate new block and setup header */ diff --git a/src/misc/fixedsizearray.hpp b/src/misc/fixedsizearray.hpp index 8b82373fa..a6f4d0c42 100644 --- a/src/misc/fixedsizearray.hpp +++ b/src/misc/fixedsizearray.hpp @@ -53,6 +53,9 @@ public: /** Default constructor. Preallocate space for items and header, then initialize header. */ FixedSizeArray() { + /* Ensure the size won't overflow. */ + assert_compile(C < (SIZE_MAX - HeaderSize) / Tsize); + /* allocate block for header + items (don't construct items) */ data = (T*)((MallocT(HeaderSize + C * Tsize)) + HeaderSize); SizeRef() = 0; // initial number of items diff --git a/src/pathfinder/npf/queue.cpp b/src/pathfinder/npf/queue.cpp index b235c3b0e..b12c59d6c 100644 --- a/src/pathfinder/npf/queue.cpp +++ b/src/pathfinder/npf/queue.cpp @@ -234,6 +234,9 @@ void Hash::Init(Hash_HashProc *hash, uint num_buckets) /* Allocate space for the Hash, the buckets and the bucket flags */ uint i; + /* Ensure the size won't overflow. */ + assert(num_buckets < SIZE_MAX / (sizeof(*this->buckets) + sizeof(*this->buckets_in_use))); + this->hash = hash; this->size = 0; this->num_buckets = num_buckets; diff --git a/src/stdafx.h b/src/stdafx.h index 4d61cf8b5..c50a93eba 100644 --- a/src/stdafx.h +++ b/src/stdafx.h @@ -63,6 +63,10 @@ #include #include +#ifndef SIZE_MAX + #define SIZE_MAX ((size_t)-1) +#endif + #if defined(UNIX) || defined(__MINGW32__) #include #endif -- cgit v1.2.3-70-g09d2