pool: Correct overflow checks

Ok, scrap the previous commit. This is the right overflow check that takes care of 64 bit overflow **and** 32-bit overflow, which needs to be considered because the pool malloc can only allocate 32-bit elements in one go.

pool: Correct overflow checks
Ok, scrap the previous commit. This is the right overflow check that takes care of 64 bit overflow **and** 32-bit overflow, which needs to be considered because the pool malloc can only allocate 32-bit elements in one go.
437f7d69 · Vicent Marti · ce33645f · 437f7d69 · 437f7d69
Commit 437f7d69 authored Dec 13, 2013 by Vicent Marti
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletions

src/pool.c
+3 -0

tests/core/pool.c
+5 -1

No files found.
--- a/src/pool.c
+++ b/src/pool.c
@@ -194,6 +194,9 @@ char *git_pool_strndup(git_pool *pool, const char *str, size_t n)

 	assert(pool && str && pool->item_size == sizeof(char));

+	if ((uint32_t)(n + 1) < n)
+		return NULL;
+
 	if ((ptr = git_pool_malloc(pool, (uint32_t)(n + 1))) != NULL) {
 		memcpy(ptr, str, n);
 		ptr[n] = '\0';

--- a/tests/core/pool.c
+++ b/tests/core/pool.c
@@ -139,7 +139,11 @@ void test_core_pool__strndup_limit(void)
 	git_pool p;

 	cl_git_pass(git_pool_init(&p, 1, 100));
-	cl_assert(git_pool_strndup(&p, "foo", -1) == NULL);
+	/* ensure 64 bit doesn't overflow */
+	cl_assert(git_pool_strndup(&p, "foo", (size_t)-1) == NULL);
+
+	/* ensure 32 bit doesn't overflow */
+	cl_assert(git_pool_strndup(&p, "bar", 0xfffffffful + 32) == NULL);
 	git_pool_clear(&p);
 }