Commit b65ab77b authored by Markus Armbruster's avatar Markus Armbruster

qstring: Assert size calculations don't overflow



Signed-off-by: default avatarMarkus Armbruster <armbru@redhat.com>
Message-Id: <20180727062204.10401-2-armbru@redhat.com>
Reviewed-by: default avatarEric Blake <eblake@redhat.com>
parent ad63c549
+5 −1
@@ -41,17 +41,19 @@ QString *qstring_from_substr(const char *str, size_t start, size_t end)
{
    QString *qstring;

    assert(start <= end + 1);

    qstring = g_malloc(sizeof(*qstring));
    qobject_init(QOBJECT(qstring), QTYPE_QSTRING);

    qstring->length = end - start + 1;
    qstring->capacity = qstring->length;

    assert(qstring->capacity < SIZE_MAX);
    qstring->string = g_malloc(qstring->capacity + 1);
    memcpy(qstring->string, str + start, qstring->length);
    qstring->string[qstring->length] = 0;


    return qstring;
}

@@ -68,7 +70,9 @@ QString *qstring_from_str(const char *str)
static void capacity_increase(QString *qstring, size_t len)
{
    if (qstring->capacity < (qstring->length + len)) {
        assert(len <= SIZE_MAX - qstring->capacity);
        qstring->capacity += len;
        assert(qstring->capacity <= SIZE_MAX / 2);
        qstring->capacity *= 2; /* use exponential growth */

        qstring->string = g_realloc(qstring->string, qstring->capacity + 1);
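Review bot: The guard `qstring->capacity < (qstring->length + len)` in `capacity_increase` still computes `length + len` with no overflow check, and both new asserts sit inside that branch. If the sum wraps, the comparison can come out false, so neither the growth nor the asserts run. The callers are not visible in this hunk, but presumably they then copy `len` bytes into a buffer that was never enlarged. I would add `assert(len <= SIZE_MAX - qstring->length);` above the `if`, so the sum is known not to wrap before it is compared, and keep the two existing asserts as they are. The body of `capacity_increase` continues past the end of the hunk.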