From 49923ccb2143e36850bcdeb781e2bcdf5ce22f15 Mon Sep 17 00:00:00 2001 From: John Hawthorn Date: Wed, 2 Mar 2022 14:17:59 -0800 Subject: [PATCH] Check need < buf->used We're guaranteed a power of 2 so that this becomes 0, but we might as well use a check for overflow that works in more cases. Unsigned integer overflow is defined behaviour, so this should be safe. (cherry picked from commit 36410d536b676e836637bb20574a56ebc920eb83) --- src/yajl_buf.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/yajl_buf.c b/src/yajl_buf.c index 1aeafde0..8bd1bea7 100644 --- a/src/yajl_buf.c +++ b/src/yajl_buf.c @@ -30,7 +30,7 @@ struct yajl_buf_t { }; static -void yajl_buf_ensure_available(yajl_buf buf, size_t want) +int yajl_buf_ensure_available(yajl_buf buf, size_t want) { size_t need; @@ -46,11 +46,15 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want) need = buf->len; while (want >= (need - buf->used)) need <<= 1; + if (need < buf->used) { + return -1; + } if (need != buf->len) { buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need); buf->len = need; } + return 0; } yajl_buf yajl_buf_alloc(yajl_alloc_funcs * alloc) @@ -70,7 +74,8 @@ void yajl_buf_free(yajl_buf buf) void yajl_buf_append(yajl_buf buf, const void * data, size_t len) { - yajl_buf_ensure_available(buf, len); + if (yajl_buf_ensure_available(buf, len)) + return; if (len > 0) { assert(data != NULL); memcpy(buf->data + buf->used, data, len);