diff options
author | lloyd <[email protected]> | 2008-11-24 19:32:44 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2008-11-24 19:32:44 +0000 |
commit | 933109a0e5a6c86c71487165e295c1134c1063f1 (patch) | |
tree | fafd535425d5ab16ec157dcfed9de35bc6b69edd | |
parent | 24647f786af84eafb2b5c12c1629546bb7df911d (diff) |
In Pooling_Allocator::get_more_core, limit in_bytes to at most 1 MiB to
avoid a potential integer overflow in the multiplication. Fixes bugid 27
-rw-r--r-- | src/alloc/mem_pool/mem_pool.cpp | 5 | ||||
-rw-r--r-- | src/alloc/mem_pool/mem_pool.h | 2 |
2 files changed, 4 insertions, 3 deletions
diff --git a/src/alloc/mem_pool/mem_pool.cpp b/src/alloc/mem_pool/mem_pool.cpp index c99d627ad..cddfe0152 100644 --- a/src/alloc/mem_pool/mem_pool.cpp +++ b/src/alloc/mem_pool/mem_pool.cpp @@ -154,7 +154,7 @@ void* Pooling_Allocator::allocate(u32bit n) if(mem) return mem; - get_more_core(PREF_SIZE); + get_more_core(BOTAN_MEM_POOL_CHUNK_SIZE); mem = allocate_blocks(block_no); if(mem) @@ -237,6 +237,9 @@ void Pooling_Allocator::get_more_core(u32bit in_bytes) const u32bit TOTAL_BLOCK_SIZE = BLOCK_SIZE * BITMAP_SIZE; + // upper bound on allocation is 1 MiB + in_bytes = std::min<u32bit>(in_bytes, 1024 * 1024); + const u32bit in_blocks = round_up(in_bytes, BLOCK_SIZE) / TOTAL_BLOCK_SIZE; const u32bit to_allocate = in_blocks * TOTAL_BLOCK_SIZE; diff --git a/src/alloc/mem_pool/mem_pool.h b/src/alloc/mem_pool/mem_pool.h index b74e08a8d..80ed2ddfd 100644 --- a/src/alloc/mem_pool/mem_pool.h +++ b/src/alloc/mem_pool/mem_pool.h @@ -61,8 +61,6 @@ class BOTAN_DLL Pooling_Allocator : public Allocator byte* buffer, *buffer_end; }; - static const u32bit PREF_SIZE = BOTAN_MEM_POOL_CHUNK_SIZE; - std::vector<Memory_Block> blocks; std::vector<Memory_Block>::iterator last_used; std::vector<std::pair<void*, u32bit> > allocated; |