authorlloyd <[email protected]>2008-11-24 19:32:44 +0000
committerlloyd <[email protected]>2008-11-24 19:32:44 +0000
commit933109a0e5a6c86c71487165e295c1134c1063f1 (patch)
treefafd535425d5ab16ec157dcfed9de35bc6b69edd
parent24647f786af84eafb2b5c12c1629546bb7df911d (diff)
In Pooling_Allocator::get_more_core, limit in_bytes to at most 1 MiB to
avoid a potential integer overflow in the multiplication. Fixes bugid 27
-rw-r--r--src/alloc/mem_pool/mem_pool.cpp5
-rw-r--r--src/alloc/mem_pool/mem_pool.h2
2 files changed, 4 insertions, 3 deletions
diff --git a/src/alloc/mem_pool/mem_pool.cpp b/src/alloc/mem_pool/mem_pool.cpp
index c99d627ad..cddfe0152 100644
--- a/src/alloc/mem_pool/mem_pool.cpp
+++ b/src/alloc/mem_pool/mem_pool.cpp
@@ -154,7 +154,7 @@ void* Pooling_Allocator::allocate(u32bit n)
if(mem)
return mem;
- get_more_core(PREF_SIZE);
+ get_more_core(BOTAN_MEM_POOL_CHUNK_SIZE);
mem = allocate_blocks(block_no);
if(mem)
@@ -237,6 +237,9 @@ void Pooling_Allocator::get_more_core(u32bit in_bytes)
const u32bit TOTAL_BLOCK_SIZE = BLOCK_SIZE * BITMAP_SIZE;
+ // upper bound on allocation is 1 MiB
+ in_bytes = std::min<u32bit>(in_bytes, 1024 * 1024);
+
const u32bit in_blocks = round_up(in_bytes, BLOCK_SIZE) / TOTAL_BLOCK_SIZE;
const u32bit to_allocate = in_blocks * TOTAL_BLOCK_SIZE;
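Review bot: The new clamp in get_more_core bounds `in_bytes` from above only, and its comment `// upper bound on allocation is 1 MiB` does not say that the cap exists to keep the u32bit size arithmetic from overflowing; that reason is recorded only in the commit message. I would word it as `// Cap at 1 MiB so the u32bit size arithmetic below cannot overflow` and give the literal a name next to BLOCK_SIZE. The lower end is still unchecked: `round_up(in_bytes, BLOCK_SIZE) / TOTAL_BLOCK_SIZE` truncates, so a request below TOTAL_BLOCK_SIZE yields `in_blocks == 0` and `to_allocate == 0`, which would matter if BOTAN_MEM_POOL_CHUNK_SIZE (the value the first hunk now passes) is ever configured that small. The function body continues outside the hunk, so how a zero-sized request is handled, and whether `<algorithm>` is included for `std::min`, cannot be confirmed from here.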
diff --git a/src/alloc/mem_pool/mem_pool.h b/src/alloc/mem_pool/mem_pool.h
index b74e08a8d..80ed2ddfd 100644
--- a/src/alloc/mem_pool/mem_pool.h
+++ b/src/alloc/mem_pool/mem_pool.h
@@ -61,8 +61,6 @@ class BOTAN_DLL Pooling_Allocator : public Allocator
byte* buffer, *buffer_end;
};
- static const u32bit PREF_SIZE = BOTAN_MEM_POOL_CHUNK_SIZE;
-
std::vector<Memory_Block> blocks;
std::vector<Memory_Block>::iterator last_used;
std::vector<std::pair<void*, u32bit> > allocated;