Check for BitVector capacity overflow The actual capacity of a BitVector is rounded up to the next multiple of eight, so capacity must not be larger than (SIZE_MAX - 7).
Project: http://git-wip-us.apache.org/repos/asf/lucy/repo Commit: http://git-wip-us.apache.org/repos/asf/lucy/commit/745a278b Tree: http://git-wip-us.apache.org/repos/asf/lucy/tree/745a278b Diff: http://git-wip-us.apache.org/repos/asf/lucy/diff/745a278b Branch: refs/heads/master Commit: 745a278bef0d3e8106759cb2482b22c3f5be10d2 Parents: d73b1cc Author: Nick Wellnhofer <[email protected]> Authored: Wed Jul 6 19:43:24 2016 +0200 Committer: Nick Wellnhofer <[email protected]> Committed: Wed Jul 6 19:43:24 2016 +0200 ---------------------------------------------------------------------- core/Lucy/Object/BitVector.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/lucy/blob/745a278b/core/Lucy/Object/BitVector.c ----------------------------------------------------------------------
diff --git a/core/Lucy/Object/BitVector.c b/core/Lucy/Object/BitVector.c
index e340e18..202475a 100644
--- a/core/Lucy/Object/BitVector.c
+++ b/core/Lucy/Object/BitVector.c
@@ -48,8 +48,7 @@ static const uint32_t BYTE_COUNTS[256] = {
 
 static CFISH_INLINE size_t
 SI_octet_size(size_t bit_size) {
- if (bit_size == 0) { return 0; }
- return (bit_size - 1) / 8 + 1;
+ return (bit_size + 7) / 8;
 }
 
 BitVector*
@@ -61,6 +60,10 @@ BitVec_new(size_t capacity) {
 BitVector*
 BitVec_init(BitVector *self, size_t capacity) {
 BitVectorIVARS *const ivars = BitVec_IVARS(self);
+
+ if (capacity > SIZE_MAX - 7) {
+ THROW(ERR, "BitVector capacity too large");
+ }
 const size_t byte_size = SI_octet_size(capacity);
 
 // Derive.
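Review bot: SI_octet_size now wraps for any bit_size above SIZE_MAX - 7, which the removed `(bit_size - 1) / 8 + 1` form could not do, so its result is only trustworthy when the caller has already bounded the argument. The commit adds that bound in BitVec_init and BitVec_Grow_IMP, but the helper itself says nothing about the precondition. I would add a comment above it, for example `/* Requires bit_size <= SIZE_MAX - 7; larger values wrap around. Callers must check. */`. It is also worth confirming that every other call site (none are visible in this diff) passes only a stored capacity that went through one of the two guards.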
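Review bot: The limit `SIZE_MAX - 7` and its throw are spelled out here in BitVec_init and again in BitVec_Grow_IMP (third hunk), with two different messages, "BitVector capacity too large" and "BitVector capacity overflow", for the same condition. Naming the limit once, e.g. `#define BITVEC_MAX_CAPACITY (SIZE_MAX - 7)`, and using one message in both places would keep the two checks from drifting apart and make the error easier to search for in logs. Separately, if BitVec_new allocates `self` before calling BitVec_init (its body is outside the hunk), the throw leaves that object unreleased; a `DECREF(self);` ahead of the THROW would cover that case, assuming that is how the constructor works.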
@@ -130,6 +133,9 @@ void
 BitVec_Grow_IMP(BitVector *self, size_t capacity) {
 BitVectorIVARS *const ivars = BitVec_IVARS(self);
 if (capacity > ivars->cap) {
+ if (capacity > SIZE_MAX - 7) {
+ THROW(ERR, "BitVector capacity overflow");
+ }
 const size_t old_byte_cap = SI_octet_size(ivars->cap);
 const size_t new_byte_cap = SI_octet_size(capacity);
 const size_t num_new_bytes = new_byte_cap - old_byte_cap;
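Review bot: Neither new error path is covered by a regression test in this commit; the diffstat lists only core/Lucy/Object/BitVector.c. A test that calls Grow with `SIZE_MAX` on an existing vector and expects the error, and the same for the constructor, would pin the boundary so that a later change to SI_octet_size cannot silently bring the wrap back. The guard only sees the value it is handed, so any arithmetic a caller does on the capacity before calling Grow (not visible here) could wrap before the check is reached and deserves the same look. The remainder of BitVec_Grow_IMP lies outside the hunk.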
