author | The Android Open Source Project <initial-contribution@android.com> | 2009-03-13 13:04:37 -0700 |
---|---|---|
committer | The Android Open Source Project <initial-contribution@android.com> | 2009-03-13 13:04:37 -0700 |
commit | e037fd7e193ecccbb5c0888e49f6d58c224bc11d (patch) | |
tree | 3936f402311799c99169f8e1d6bf168a2d48f1a9 /libcutils | |
parent | 2015549667fb77706a9879e974a3875ebccd8198 (diff) | |
auto import from //branches/cupcake_rel/...@138607
Diffstat (limited to 'libcutils')
-rw-r--r-- | libcutils/array.c | 27 | ||||
-rw-r--r-- | libcutils/strdup8to16.c | 5 |
2 files changed, 26 insertions, 6 deletions
diff --git a/libcutils/array.c b/libcutils/array.c
index ff2c8ff..55ec055 100644
--- a/libcutils/array.c
+++ b/libcutils/array.c
@@ -18,8 +18,10 @@
 #include <assert.h>
 #include <stdlib.h>
 #include <string.h>
+#include <limits.h>
 #define INITIAL_CAPACITY (4)
+#define MAX_CAPACITY ((int)(UINT_MAX/sizeof(void*)))
 struct Array {
 void** contents;
@@ -45,13 +47,26 @@ void arrayFree(Array* array) {
 static int ensureCapacity(Array* array, int capacity) {
 int oldCapacity = array->capacity;
 if (capacity > oldCapacity) {
- int newCapacity = (oldCapacity == 0) ? INITIAL_CAPACITY : oldCapacity * 2;
-
- // Keep doubling capacity until we surpass necessary capacity.
+ int newCapacity = (oldCapacity == 0) ? INITIAL_CAPACITY : oldCapacity;
+
+ // Ensure we're not doing something nasty
+ if (capacity > MAX_CAPACITY)
+ return -1;
+
+ // Keep doubling capacity until we surpass necessary capacity.
 while (newCapacity < capacity) {
- newCapacity *= 2;
+ int newCap = newCapacity*2;
+ // Handle integer overflows
+ if (newCap < newCapacity || newCap > MAX_CAPACITY) {
+ newCap = MAX_CAPACITY;
+ }
+ newCapacity = newCap;
 }
-
+
+ // Should not happen, but better be safe than sorry
+ if (newCapacity < 0 || newCapacity > MAX_CAPACITY)
+ return -1;
+
 void** newContents;
 if (array->contents == NULL) {
 // Allocate new array.
@@ -151,5 +166,5 @@ int arraySize(Array* array) {
 }
 const void** arrayUnwrap(Array* array) {
- return array->contents;
+ return (const void**)array->contents;
 }
diff --git a/libcutils/strdup8to16.c b/libcutils/strdup8to16.c
index 8654b04..63e5ca4 100644
--- a/libcutils/strdup8to16.c
+++ b/libcutils/strdup8to16.c
@@ -18,6 +18,7 @@
 #include <cutils/jstring.h>
 #include <assert.h>
 #include <stdlib.h>
+#include <limits.h>
 /* See http://www.unicode.org/reports/tr22/ for discussion
 * on invalid sequences
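Review bot: In ensureCapacity (libcutils/array.c, the `-45,13 +47,26` hunk) the doubling loop tests for overflow only after it has computed `newCapacity*2`; signed overflow is undefined behaviour in C, so a compiler is entitled to drop the `newCap < newCapacity` half of the check. The product stays within int only while array->capacity is already at most MAX_CAPACITY on entry, and nothing in this hunk enforces that invariant. Deciding before the multiplication removes the dependence: `newCapacity = (newCapacity > MAX_CAPACITY / 2) ? MAX_CAPACITY : newCapacity * 2;`. The function body continues past the hunk, so how the allocation path consumes newCapacity is not visible here.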
@@ -48,6 +49,10 @@ extern char16_t * strdup8to16 (const char* s, size_t *out_len)
 len = strlen8to16(s);
+ // fail on overflow
+ if (len && SIZE_MAX/len < sizeof(char16_t))
+ return NULL;
+
 // no plus-one here. UTF-16 strings are not null terminated
 ret = (char16_t *) malloc (sizeof(char16_t) * len); |
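Review bot: The new guard in strdup8to16 relies on `SIZE_MAX`, which C99 defines in `<stdint.h>`, while the include hunk for this file adds only `<limits.h>`; the check therefore compiles only where the platform's limits.h happens to provide SIZE_MAX. Adding `#include <stdint.h>` beside it makes the dependency explicit. The bound itself matches `sizeof(char16_t) * len`, but it presumes `len` is a `size_t`, and its declaration lies outside the hunk. Whether `*out_len` is written on this early NULL return, and whether the malloc result is checked, cannot be confirmed from here because the function continues past the hunk; a caller that reads `*out_len` after a NULL return would be working with an unset length.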