From: Dmitry Volyntsev Date: Fri, 19 Oct 2018 17:55:38 +0000 (+0300) Subject: Handling int overflow in njs_array_alloc() on 32bit archs. X-Git-Tag: 0.2.5~5 X-Git-Url: http://git.kaiwu.me/sitemap.xml?a=commitdiff_plain;h=992e93d88c4aa28a7d675ea7322f84d64758239a;p=njs.git Handling int overflow in njs_array_alloc() on 32bit archs. --- diff --git a/njs/njs_array.c b/njs/njs_array.c index 028bb627..c11ca05a 100644 --- a/njs/njs_array.c +++ b/njs/njs_array.c @@ -109,7 +109,7 @@ static njs_ret_t njs_array_prototype_sort_continuation(njs_vm_t *vm, nxt_noinline njs_array_t * njs_array_alloc(njs_vm_t *vm, uint32_t length, uint32_t spare) { - size_t size; + uint64_t size; njs_array_t *array; array = nxt_mem_cache_alloc(vm->mem_cache_pool, sizeof(njs_array_t)); @@ -117,9 +117,9 @@ njs_array_alloc(njs_vm_t *vm, uint32_t length, uint32_t spare) goto memory_error; } - size = (size_t) length + spare; + size = (uint64_t) length + spare; - if (nxt_slow_path(size * sizeof(njs_value_t) < size)) { + if (nxt_slow_path((size * sizeof(njs_value_t)) >= 0xffffffff)) { goto memory_error; }