RUBY-294 fix potential infinite loop

This commit is contained in:
Kyle Banker 2011-08-08 18:23:40 -04:00
parent 61151a4f35
commit f333871bc0

View File

@ -62,12 +62,17 @@ int bson_buffer_free(bson_buffer_t buffer) {
* Return non-zero on allocation failure. */ * Return non-zero on allocation failure. */
static int buffer_grow(bson_buffer_t buffer, int min_length) { static int buffer_grow(bson_buffer_t buffer, int min_length) {
int size = buffer->size; int size = buffer->size;
int old_size;
char* old_buffer = buffer->buffer; char* old_buffer = buffer->buffer;
if (size >= min_length) { if (size >= min_length) {
return 0; return 0;
} }
while (size < min_length) { while (size < min_length) {
old_size = size;
size *= 2; size *= 2;
/* Prevent potential overflow. */
if( size < old_size )
size = min_length;
} }
buffer->buffer = (char*)realloc(buffer->buffer, sizeof(char) * size); buffer->buffer = (char*)realloc(buffer->buffer, sizeof(char) * size);
if (buffer->buffer == NULL) { if (buffer->buffer == NULL) {
@ -117,7 +122,7 @@ int bson_buffer_write(bson_buffer_t buffer, const char* data, int size) {
int bson_buffer_write_at_position(bson_buffer_t buffer, bson_buffer_position position, int bson_buffer_write_at_position(bson_buffer_t buffer, bson_buffer_position position,
const char* data, int size) { const char* data, int size) {
if (position + size > buffer->size) { if (position + size > buffer->size) {
buffer_free(buffer); bson_buffer_free(buffer);
return 1; return 1;
} }