susumu.yata
null+****@clear*****
Wed Nov 18 16:40:36 JST 2015
susumu.yata 2015-11-18 16:40:36 +0900 (Wed, 18 Nov 2015) New Revision: 110339f399a330a8b4bde23cac2355305afee856 https://github.com/groonga/groonga/commit/110339f399a330a8b4bde23cac2355305afee856 Message: grn_ts: add overflow checks Modified files: lib/ts/ts_buf.c Modified: lib/ts/ts_buf.c (+10 -0) ===================================================================
--- lib/ts/ts_buf.c 2015-11-18 14:19:43 +0900 (332196c)
+++ lib/ts/ts_buf.c 2015-11-18 16:40:36 +0900 (71deac7)
@@ -74,6 +74,11 @@ grn_ts_buf_reserve(grn_ctx *ctx, grn_ts_buf *buf, size_t new_size)
 }
 enough_size = buf->size ? (buf->size << 1) : 1;
 while (enough_size < new_size) {
+ if ((enough_size << 1) < enough_size) {
+ GRN_TS_ERR_RETURN(GRN_INVALID_ARGUMENT,
+ "size overflow: %" GRN_FMT_SIZE,
+ new_size);
+ }
 enough_size <<= 1;
 }
 new_ptr = GRN_REALLOC(buf->ptr, enough_size);
@@ -117,6 +122,11 @@ grn_rc
 grn_ts_buf_write(grn_ctx *ctx, grn_ts_buf *buf, const void *ptr, size_t size)
 {
 size_t new_pos = buf->pos + size;
+ if (new_pos < buf->pos) {
+ GRN_TS_ERR_RETURN(GRN_INVALID_ARGUMENT,
+ "size overflow: %" GRN_FMT_SIZE " + %" GRN_FMT_SIZE,
+ buf->pos, size);
+ }
 if (new_pos > buf->size) {
 grn_rc rc = grn_ts_buf_reserve(ctx, buf, new_pos);
 if (rc != GRN_SUCCESS) {

-------------- next part -------------- HTML����������������������������...Download
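Review bot: The initial doubling in the context line `enough_size = buf->size ? (buf->size << 1) : 1;` of grn_ts_buf_reserve is still unchecked, and the guard added inside the loop cannot catch a wrap that happens there. If `buf->size` is exactly the top bit of `size_t`, the shift yields 0, the new test `(0 << 1) < 0` is false, and `enough_size <<= 1` keeps it at 0, so the loop never terminates for a non-zero `new_size`. Rejecting the case before the doubling would close it, e.g. `if (buf->size > ((size_t)-1 >> 1)) { GRN_TS_ERR_RETURN(GRN_INVALID_ARGUMENT, "size overflow: %" GRN_FMT_SIZE, new_size); }`. The start of the function is outside the hunk, so an earlier check may already bound `buf->size`; that is worth confirming before relying on it.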