Fixed uint32_t calculation overflow bug in ddb_list #10
Open
ontholerian wants to merge 1 commit into discoproject:master from
@pombredanne I don't maintain discodb or disco. @pooya, do you know what the current maintainership status is?
The calculation of the size of the next increment of `list->list` is being calculated using `uint32_t` sized integers, yet it is possible that the calculation can exceed the maximum value of `uint32_t`. Encountering this case causes the array of `list->list` to shrink suddenly to the calculated size minus the max `uint32_t` value, yet `list->size` still increases to imply that there is more space available than there is. Later, when the next element is attempted to be added, the value of `list->i` goes beyond the allocated space of `list->list` and causes the program to segfault.
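The wraparound described above, shown next to a checked size calculation, as an added example that is not the pull request's code or discodb's own. The header size, element size, growth step and function names are hypothetical, and the starting size is constructed so that the next growth step lands exactly on the wrap.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout and growth step, not discodb's actual definitions. */
#define HDR_BYTES  8u
#define ELEM_BYTES 8u
#define GROW_STEP  1024u

/* Flawed form: the byte count is computed in uint32_t and wraps modulo 2^32. */
static uint32_t alloc_bytes_u32(uint32_t size)
{
    return HDR_BYTES + (size + GROW_STEP) * ELEM_BYTES;
}

/* Checked form: widen before multiplying and refuse anything that wraps the
 * element count or does not fit in size_t. Returns 0 on success, -1 otherwise. */
static int alloc_bytes_checked(uint32_t size, uint64_t *out)
{
    if (size > UINT32_MAX - GROW_STEP)
        return -1;                       /* element count itself would wrap */
    uint64_t bytes = HDR_BYTES + ((uint64_t)size + GROW_STEP) * ELEM_BYTES;
    if (bytes > SIZE_MAX)
        return -1;                       /* cannot be passed to realloc() */
    *out = bytes;
    return 0;
}

/* Number of elements that really fit in an allocation of `bytes`. */
static uint64_t capacity_of(uint64_t bytes)
{
    return bytes < HDR_BYTES ? 0 : (bytes - HDR_BYTES) / ELEM_BYTES;
}

int main(void)
{
    uint32_t size = 536870912u - GROW_STEP;  /* constructed: next size is 2^29 */
    uint32_t wrapped = alloc_bytes_u32(size);
    uint64_t needed = 0;
    int rc = alloc_bytes_checked(size, &needed);

    printf("claimed elements: %" PRIu32 "\n", size + GROW_STEP);
    printf("uint32_t bytes:   %" PRIu32 " (room for %" PRIu64 " elements)\n",
           wrapped, capacity_of(wrapped));
    printf("checked: rc=%d bytes=%" PRIu64 "\n", rc, needed);
    return 0;
}
```

With the wrapped value the allocation holds zero elements while the recorded size claims 2^29, which is the mismatch that lets the write index run past the buffer.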