]> git.saurik.com Git - apple/security.git/blobdiff - OSX/libsecurity_asn1/lib/plarena.c
projects / apple / security.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security-58286.260.20.tar.gz
[apple/security.git] / OSX / libsecurity_asn1 / lib / plarena.c
diff --git a/OSX/libsecurity_asn1/lib/plarena.c b/OSX/libsecurity_asn1/lib/plarena.c
index d7073980a2c0d751b20aa8ef6655c2f3c1a684b7..48c69b3e3faf3fa4f2cda50f8ea3ab79ca815d6b 100644 (file)
--- a/OSX/libsecurity_asn1/lib/plarena.c
+++ b/OSX/libsecurity_asn1/lib/plarena.c
@@ -126,13 +126,18 @@ PR_IMPLEMENT(void *) PL_ArenaAllocate(PLArenaPool *pool, PRUint32 nb)
 {
     PLArena *a;   
     char *rp;     /* returned pointer */
 {
     PLArena *a;   
     char *rp;     /* returned pointer */
+    PRUint32 nbOld;
 
     PR_ASSERT((nb & pool->mask) == 0);
 
     PR_ASSERT((nb & pool->mask) == 0);
+    nbOld = nb;
 #ifdef __APPLE__
     nb = PL_ARENA_ALIGN(pool, nb); /* force alignment, cast is useless/causes warning. */
 #else
     nb = (PRUword)PL_ARENA_ALIGN(pool, nb); /* force alignment */
 #endif
 #ifdef __APPLE__
     nb = PL_ARENA_ALIGN(pool, nb); /* force alignment, cast is useless/causes warning. */
 #else
     nb = (PRUword)PL_ARENA_ALIGN(pool, nb); /* force alignment */
 #endif
+    /* ensure that alignment didn't cause overflow */
+    if (nb < nbOld)
+        return NULL;
 
     /* attempt to allocate from arenas at pool->current */
     {
 
     /* attempt to allocate from arenas at pool->current */
     {
@@ -204,17 +209,24 @@ PR_IMPLEMENT(void *) PL_ArenaGrow(
        PLArena *lastArena;
        PRUint32 origAlignSize;         // bytes currently reserved for caller
        PRUint32 newSize;                       // bytes actually mallocd here
        PLArena *lastArena;
        PRUint32 origAlignSize;         // bytes currently reserved for caller
        PRUint32 newSize;                       // bytes actually mallocd here
-       
-       /* expand at least by 2x */
+
+    // Enforce maximal size before any potential implicit truncation
+    if (origSize>=MAX_SIZE || incr>=MAX_SIZE) {
+        return NULL;
+    }
        origAlignSize = PL_ARENA_ALIGN(pool, origSize);
        origAlignSize = PL_ARENA_ALIGN(pool, origSize);
+    if (origAlignSize>=MAX_SIZE) {
+        return NULL;
+    }
+
+    /* expand at least by 2x */
     newSize = PR_MAX(origAlignSize+incr, 2*origAlignSize);
     newSize = PL_ARENA_ALIGN(pool, newSize);
     newSize = PR_MAX(origAlignSize+incr, 2*origAlignSize);
     newSize = PL_ARENA_ALIGN(pool, newSize);
-#if __APPLE__
-    // Enforce maximal size before any potential implicit truncation
-    if (newSize>=MAX_SIZE || origSize>=MAX_SIZE || incr>=MAX_SIZE) {
+
+    if (newSize>=MAX_SIZE) {
         return NULL;
     }
         return NULL;
     }
-#endif
+
     PL_ARENA_ALLOCATE(newp, pool, newSize);
     if (newp == NULL) {
         return NULL;
     PL_ARENA_ALLOCATE(newp, pool, newSize);
     if (newp == NULL) {
         return NULL;
mirror of Security