--- pegasus/src/Pegasus/Common/HTTPConnection.cpp.obz5053 2006-05-31 14:05:14.000000000 -0400 +++ pegasus/src/Pegasus/Common/HTTPConnection.cpp 2006-05-31 14:05:14.000000000 -0400 @@ -1036,20 +1036,23 @@ // reserve space for entire non-chunked message if (_contentLength > 0) { - try - { - Uint32 capacity = (Uint32)(_contentLength + _contentOffset + 1); - _incomingBuffer.reserveCapacity(capacity); - data = (char *)_incomingBuffer.getData(); - data[capacity-1] = 0; - }catch(const PEGASUS_STD(bad_alloc)&) - { - _throwEventFailure(HTTP_STATUS_REQUEST_TOO_LARGE, - "Error reserving space for non-chunked message"); - }catch(...) - { - _throwEventFailure(httpStatusInternal, "unexpected exception"); - } + try + { + Uint32 capacity = (Uint32)(_contentLength + + _contentOffset + 1); + _incomingBuffer.reserveCapacity(capacity); + data = (char *)_incomingBuffer.getData(); + data[capacity-1] = 0; + } + catch(const PEGASUS_STD(bad_alloc)&) + { + _throwEventFailure(HTTP_STATUS_REQUEST_TOO_LARGE, + "Error reserving space for non-chunked message"); + } + catch(...) + { + _throwEventFailure(httpStatusInternal, "unexpected exception"); + } } break; --- pegasus/src/Pegasus/Common/tests/Array/Array.cpp.obz5053 2006-01-30 11:17:15.000000000 -0500 +++ pegasus/src/Pegasus/Common/tests/Array/Array.cpp 2006-05-31 14:34:16.000000000 -0400 @@ -189,7 +189,7 @@ { Array arr(0xffff0000); } - catch (const NullPointer&) + catch (const PEGASUS_STD(bad_alloc)&) { exceptionCaught = true; } @@ -201,7 +201,7 @@ { Array arr(0xffff0000, 100); } - catch (const NullPointer&) + catch (const PEGASUS_STD(bad_alloc)&) { exceptionCaught = true; } @@ -214,7 +214,7 @@ Uint32 myInt = 50; Array arr(&myInt, 0xffff0000); } - catch (const NullPointer&) + catch (const PEGASUS_STD(bad_alloc)&) { exceptionCaught = true; } 
@@ -224,7 +224,16 @@ { Array arr(128); PEGASUS_TEST_ASSERT(arr.getCapacity() == 128); - arr.reserveCapacity(0xffff0000); + exceptionCaught = false; + try + { + arr.reserveCapacity(0xffff0000); + } + catch (const PEGASUS_STD(bad_alloc)&) + { + exceptionCaught = true; + } + PEGASUS_TEST_ASSERT(exceptionCaught); PEGASUS_TEST_ASSERT(arr.getCapacity() == 128); } } --- pegasus/src/Pegasus/Common/InternalException.h.obz5053 2006-01-30 11:17:04.000000000 -0500 +++ pegasus/src/Pegasus/Common/InternalException.h 2006-05-31 14:05:14.000000000 -0400 @@ -619,6 +619,18 @@ #define PEGASUS_CIM_EXCEPTION_L(CODE, MSG_PARMS) \ TraceableCIMException(CODE, MSG_PARMS, String(__FILE__), __LINE__) +/** Macro to prevent overflow of a signed int value when said value is + * doubled. If String/Array/Buffer size is greater than 0x3FFFFFFF, then + * something is suspect, throw bad_alloc exception. + */ +#define PEGASUS_CHECK_CAPACITY_OVERFLOW(capacity) \ + do \ + { \ + if (capacity > 0x3FFFFFFF) \ + throw PEGASUS_STD(bad_alloc)(); \ + } \ + while (0) + PEGASUS_NAMESPACE_END #endif /* Pegasus_InternalException_h */ --- pegasus/src/Pegasus/Common/ArrayRep.h.obz5053 2006-01-30 11:16:46.000000000 -0500 +++ pegasus/src/Pegasus/Common/ArrayRep.h 2006-05-31 14:05:14.000000000 -0400 @@ -145,9 +145,10 @@ } // Test for Uint32 overflow in the memory allocation size + // throw a bad_alloc exception if overflow would occur. if (initialCapacity > (Uint32(0xffffffff)-sizeof(ArrayRep))/sizeof(T)) { - return 0; + throw PEGASUS_STD(bad_alloc)(); } // Create object: --- pegasus/src/Pegasus/Common/ArrayImpl.h.obz5053 2006-01-30 11:16:45.000000000 -0500 +++ pegasus/src/Pegasus/Common/ArrayImpl.h 2006-05-31 14:05:14.000000000 -0400 @@ -77,10 +77,8 @@ { _rep = ArrayRep::alloc(size); - if (!_rep) - { - throw NullPointer(); - } + // ArrayRep::alloc() throws a bad_alloc exception if + // storage could not be obtained. InitializeRaw(Array_data, size); } 
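Review bot: The new `PEGASUS_CHECK_CAPACITY_OVERFLOW` macro in InternalException.h uses its argument unparenthesized in `if (capacity > 0x3FFFFFFF)`, so an argument containing a lower-precedence operator would be grouped wrongly; `if ((capacity) > 0x3FFFFFFF)` avoids that. The comparison is also sign-dependent: a negative signed argument compares below the limit and passes the guard. The doc comment speaks of "a signed int value", yet the call sites visible in this patch pass `Uint32 x` and `size_t cap`, so the comment should state that the argument is expected to be an unsigned size. The hunk does not show whether this header makes `bad_alloc` visible (`<new>`) on its own, which every file now taking the macro from here relies on.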
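Review bot: Only the overflow branch of `alloc()` in ArrayRep.h is converted from `return 0;` to a throw; the allocation after `// Create object:` lies outside the hunk. If that path can still yield a null pointer (a nothrow or `malloc`-style allocation), the ArrayImpl.h callers that drop their `if (!_rep)` / `if (!rep)` checks in this patch would dereference it, for example at `rep->size = Array_size;`. Once that path is confirmed to throw as well, the function's header comment should carry the new contract, e.g. `// Throws bad_alloc on size overflow or allocation failure; never returns 0.` Callers of `alloc()` not touched by this patch that still test for 0 should be reviewed, since their failure handling is now unreachable.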
@@ -92,10 +90,8 @@ { _rep = ArrayRep::alloc(size); - if (!_rep) - { - throw NullPointer(); - } + // ArrayRep::alloc() throws a bad_alloc exception if + // storage could not be obtained. PEGASUS_ARRAY_T* data = Array_data; @@ -114,10 +110,8 @@ { _rep = ArrayRep::alloc(size); - if (!_rep) - { - throw NullPointer(); - } + // ArrayRep::alloc() throws a bad_alloc exception if + // storage could not be obtained. CopyToRaw(Array_data, items, size); } @@ -176,8 +170,8 @@ ArrayRep* rep = ArrayRep::alloc(capacity); - if (!rep) - return; + // ArrayRep::alloc() throws a bad_alloc exception if + // storage could not be obtained. rep->size = Array_size; --- pegasus/src/Pegasus/Common/Buffer.cpp.obz5053 2006-05-31 14:05:14.000000000 -0400 +++ pegasus/src/Pegasus/Common/Buffer.cpp 2006-05-31 14:05:14.000000000 -0400 @@ -43,16 +43,13 @@ static const size_t MIN_CAPACITY = 2048; -#ifndef PEGASUS_CHECK_FOR_OVERFLOW -#define PEGASUS_CHECK_FOR_OVERFLOW(capacity) { if (capacity > 0x3FFFFFFF) throw PEGASUS_STD(bad_alloc)(); } -#endif - static Uint32 _next_pow_2(Uint32 x) { if (x < MIN_CAPACITY) return MIN_CAPACITY; - PEGASUS_CHECK_FOR_OVERFLOW(x); + // Check for potential overflow in x. + PEGASUS_CHECK_CAPACITY_OVERFLOW(x); x--; x |= (x >> 1); @@ -139,7 +136,8 @@ } else { - PEGASUS_CHECK_FOR_OVERFLOW(_rep->cap); + // Check for potential overflow. + PEGASUS_CHECK_CAPACITY_OVERFLOW(_rep->cap); _rep = _reallocate(_rep, _rep->cap ? (2 * _rep->cap) : MIN_CAPACITY); } } --- pegasus/src/Pegasus/Common/String.cpp.obz5053 2006-05-31 14:05:14.000000000 -0400 +++ pegasus/src/Pegasus/Common/String.cpp 2006-05-31 14:05:14.000000000 -0400 @@ -51,10 +51,6 @@ #include #endif -#ifndef PEGASUS_CHECK_FOR_OVERFLOW -#define PEGASUS_CHECK_FOR_OVERFLOW(capacity) { if (capacity > 0x3FFFFFFF) throw PEGASUS_STD(bad_alloc)(); } -#endif - PEGASUS_NAMESPACE_BEGIN //============================================================================== 
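Review bot: In the ArrayImpl.h hunk at @@ -176, `reserveCapacity` used to return silently when `alloc()` failed and now lets `bad_alloc` propagate, which changes behaviour for every caller that grows an array through it (those paths are outside the hunk). The replacement comment only restates what `alloc()` does; it would help more if it recorded the consequence for this function, e.g. `// alloc() throws bad_alloc on failure; nothing has been modified yet at this point, so the array keeps its old capacity.` That matches what the updated test in Array.cpp asserts, but the statements before the `alloc()` call are not visible here, so it should be confirmed. The same two-line comment is repeated in the three constructor hunks (@@ -77, @@ -92, @@ -114), where a single note on `alloc()` itself would serve better.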
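Review bot: Buffer.cpp drops its file-local `PEGASUS_CHECK_FOR_OVERFLOW` in the @@ -43 hunk and now depends on `PEGASUS_CHECK_CAPACITY_OVERFLOW` from InternalException.h, but no `#include` is added. If the header is only reached transitively, the guard in `_next_pow_2` depends on include order. The same applies to String.cpp, whose local definition is removed at @@ -51. The added comments (`// Check for potential overflow in x.` and `// Check for potential overflow.` at @@ -139) do not say what is being protected; something like `// cap <= 0x3FFFFFFF guarantees 2 * cap below cannot wrap a 32-bit value.` would tie the check to the doubling on the next line.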
@@ -170,7 +166,8 @@ { #ifndef PEGASUS_STRING_NO_THROW - PEGASUS_CHECK_FOR_OVERFLOW(x); + // Check for potential overflow in x + PEGASUS_CHECK_CAPACITY_OVERFLOW(x); #endif @@ -547,8 +544,9 @@ inline StringRep* StringRep::alloc(size_t cap) { #ifndef PEGASUS_STRING_NO_THROW - - PEGASUS_CHECK_FOR_OVERFLOW(cap); + + // Check for potential overflow in cap + PEGASUS_CHECK_CAPACITY_OVERFLOW(cap); #endif
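Review bot: In `StringRep::alloc(size_t cap)` at @@ -547, and likewise at @@ -170, the capacity guard sits inside `#ifndef PEGASUS_STRING_NO_THROW`. A build that defines that macro therefore has no bound on `cap` before the allocation size is computed further down, outside the hunk. If the macro is meant only to avoid exceptions, that configuration still needs a non-throwing rejection of `cap > 0x3FFFFFFF`. At minimum the new comment should record the gap, e.g. `// NOTE: compiled out under PEGASUS_STRING_NO_THROW; callers must bound cap themselves in that configuration.`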