The new blob_reserve() now triggers blob_panic() if asked to allocate more than blob_append_full() internally allows for (not quite 2GB), to avoid a corner case in which blob_reserve() could be used to accidentally bypass that internal limit.
Commit
e714b8427c8dd109754d7274d8a38240205da956fdfa7cfac2e5a7f9054f158d
Parent
a52499fdc4c9f14…
1 file changed
+8
-1
+8
-1
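--- a/src/blob.c
+++ b/src/blob.c
@@ -482,13 +482,20 @@
 
 /*
 ** Ensures that the given blob has at least the given amount of memory
 ** allocated to it. Does not modify pBlob->nUsed nor will it reduce
 ** the currently-allocated amount of memory.
+**
+** For semantic compatibility with blob_append_full(), if newSize is
+** >=0x7fff000 (~2GB) then this function will trigger blob_panic(). If
+** it didn't, it would be possible to bypass that hard-coded limit via
+** this function.
 */
 void blob_reserve(Blob *pBlob, unsigned int newSize){
-  if(newSize>pBlob->nUsed){
+  if(newSize>=0x7fff0000 ){
+    blob_panic();
+  }else if(newSize>pBlob->nUsed){
     pBlob->xRealloc(pBlob, newSize);
     pBlob->aData[newSize] = 0;
   }
 }
 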
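Review bot: The new header comment states the limit as `>=0x7fff000` (seven hex digits, roughly 128 MB) while the code on the new line 494 checks `newSize>=0x7fff0000` (~2 GB); the comment line should read `** >=0x7fff0000 (~2GB) then this function will trigger blob_panic(). If`. The threshold is also a bare literal duplicated from blob_append_full(), so the two limits can silently drift apart; if blob.c does not already name it, a file-scope `enum { BLOB_MAX_SIZE = 0x7fff0000 };` used by both functions would keep the guard in one place. Note that because the size check precedes the `newSize>pBlob->nUsed` test, a request that would otherwise be a no-op still panics, which appears intentional but is worth stating in the comment. The trailing `pBlob->aData[newSize] = 0` write relies on xRealloc providing newSize+1 bytes; that is pre-existing and not changed here.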
| --- src/blob.c | |
| +++ src/blob.c | |
| @@ -482,13 +482,20 @@ | |
| 482 | |
| 483 | /* |
| 484 | ** Ensures that the given blob has at least the given amount of memory |
| 485 | ** allocated to it. Does not modify pBlob->nUsed nor will it reduce |
| 486 | ** the currently-allocated amount of memory. |
| 487 | */ |
| 488 | void blob_reserve(Blob *pBlob, unsigned int newSize){ |
| 489 | if(newSize>pBlob->nUsed){ |
| 490 | pBlob->xRealloc(pBlob, newSize); |
| 491 | pBlob->aData[newSize] = 0; |
| 492 | } |
| 493 | } |
| 494 | |
| 495 |
| --- src/blob.c | |
| +++ src/blob.c | |
| @@ -482,13 +482,20 @@ | |
| 482 | |
| 483 | /* |
| 484 | ** Ensures that the given blob has at least the given amount of memory |
| 485 | ** allocated to it. Does not modify pBlob->nUsed nor will it reduce |
| 486 | ** the currently-allocated amount of memory. |
| 487 | ** |
| 488 | ** For semantic compatibility with blob_append_full(), if newSize is |
| 489 | ** >=0x7fff000 (~2GB) then this function will trigger blob_panic(). If |
| 490 | ** it didn't, it would be possible to bypass that hard-coded limit via |
| 491 | ** this function. |
| 492 | */ |
| 493 | void blob_reserve(Blob *pBlob, unsigned int newSize){ |
| 494 | if(newSize>=0x7fff0000 ){ |
| 495 | blob_panic(); |
| 496 | }else if(newSize>pBlob->nUsed){ |
| 497 | pBlob->xRealloc(pBlob, newSize); |
| 498 | pBlob->aData[newSize] = 0; |
| 499 | } |
| 500 | } |
| 501 | |
| 502 |