Check for overflow in VA_Grow
Project: http://git-wip-us.apache.org/repos/asf/lucy-clownfish/repo Commit: http://git-wip-us.apache.org/repos/asf/lucy-clownfish/commit/b93a882a Tree: http://git-wip-us.apache.org/repos/asf/lucy-clownfish/tree/b93a882a Diff: http://git-wip-us.apache.org/repos/asf/lucy-clownfish/diff/b93a882a Branch: refs/heads/master Commit: b93a882aacd6750235c26059b250bbb8247c3053 Parents: 24ab8ec Author: Nick Wellnhofer <[email protected]> Authored: Thu Apr 23 15:05:31 2015 +0200 Committer: Nick Wellnhofer <[email protected]> Committed: Thu Apr 23 15:05:31 2015 +0200 ---------------------------------------------------------------------- runtime/core/Clownfish/VArray.c | 3 +++ 1 file changed, 3 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/lucy-clownfish/blob/b93a882a/runtime/core/Clownfish/VArray.c ---------------------------------------------------------------------- diff --git a/runtime/core/Clownfish/VArray.c b/runtime/core/Clownfish/VArray.c index 690f441..e3c2240 100644 --- a/runtime/core/Clownfish/VArray.c +++ b/runtime/core/Clownfish/VArray.c @@ -180,6 +180,9 @@ VA_Store_IMP(VArray *self, size_t tick, Obj *elem) { void VA_Grow_IMP(VArray *self, size_t capacity) { if (capacity > self->cap) { + if (capacity > SIZE_MAX / sizeof(Obj*)) { + THROW(ERR, "Array grew too large"); + } self->elems = (Obj**)REALLOCATE(self->elems, capacity * sizeof(Obj*)); self->cap = capacity; memset(self->elems + self->size, 0,
