From 933109a0e5a6c86c71487165e295c1134c1063f1 Mon Sep 17 00:00:00 2001 From: lloyd Date: Mon, 24 Nov 2008 19:32:44 +0000 Subject: In Pooling_Allocator::get_more_core, limit in_bytes to at most 1 MiB to avoid a potential integer overflow in the multiplication. Fixes bugid 27 --- src/alloc/mem_pool/mem_pool.cpp | 5 ++++- src/alloc/mem_pool/mem_pool.h | 2 -- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/alloc/mem_pool/mem_pool.cpp b/src/alloc/mem_pool/mem_pool.cpp index c99d627ad..cddfe0152 100644 --- a/src/alloc/mem_pool/mem_pool.cpp +++ b/src/alloc/mem_pool/mem_pool.cpp @@ -154,7 +154,7 @@ void* Pooling_Allocator::allocate(u32bit n) if(mem) return mem; - get_more_core(PREF_SIZE); + get_more_core(BOTAN_MEM_POOL_CHUNK_SIZE); mem = allocate_blocks(block_no); if(mem) @@ -237,6 +237,9 @@ void Pooling_Allocator::get_more_core(u32bit in_bytes) const u32bit TOTAL_BLOCK_SIZE = BLOCK_SIZE * BITMAP_SIZE; + // upper bound on allocation is 1 MiB + in_bytes = std::min(in_bytes, 1024 * 1024); + const u32bit in_blocks = round_up(in_bytes, BLOCK_SIZE) / TOTAL_BLOCK_SIZE; const u32bit to_allocate = in_blocks * TOTAL_BLOCK_SIZE; diff --git a/src/alloc/mem_pool/mem_pool.h b/src/alloc/mem_pool/mem_pool.h index b74e08a8d..80ed2ddfd 100644 --- a/src/alloc/mem_pool/mem_pool.h +++ b/src/alloc/mem_pool/mem_pool.h @@ -61,8 +61,6 @@ class BOTAN_DLL Pooling_Allocator : public Allocator byte* buffer, *buffer_end; }; - static const u32bit PREF_SIZE = BOTAN_MEM_POOL_CHUNK_SIZE; - std::vector blocks; std::vector::iterator last_used; std::vector > allocated; -- cgit v1.2.3