mirror/rsync
1
0
Fork 0
mirror of https://github.com/RsyncProject/rsync.git synced 2026-05-18 20:06:07 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fixed a potential overflow issue with realloc() that Sebastian Krahmer

Browse Source 
pointed out.
This commit is contained in:
Wayne Davison
2008-04-08 08:01:43 -07:00
parent 237e9a178f
commit 1fe2a3533f
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
util.c
View File

@@ -1329,7 +1329,7 @@ void *_new_array(unsigned long num, unsigned int size, int use_calloc)
return use_calloc ? calloc(num, size) : malloc(num * size);
}
void *_realloc_array(void *ptr, unsigned int size, unsigned long num)
void *_realloc_array(void *ptr, unsigned int size, size_t num)
{
if (num >= MALLOC_MAX/size)
return NULL;
@@ -1550,7 +1550,10 @@ void *expand_item_list(item_list *lp, size_t item_size,
new_size += incr;
else
new_size *= 2;
new_ptr = realloc_array(lp->items, char, new_size * item_size);
if (new_size < lp->malloced)
overflow_exit("expand_item_list");
/* Using _realloc_array() lets us pass the size, not a type. */
new_ptr = _realloc_array(lp->items, item_size, new_size);
if (verbose >= 4) {
rprintf(FINFO, "[%s] expand %s to %.0f bytes, did%s move\n",
who_am_i(), desc, (double)new_size * item_size,