Oops: need to check array size in bytes, not number of objects

Eric Fischer 2016-03-28 13:08:54 -07:00
parent 356575d0e0
commit cf2abf67d2


@ -100,7 +100,7 @@ static inline int read_wrap(json_pull *j) {
return c;
}
#define SIZE_FOR(i) ((size_t)(((i) + 31) & ~31))
#define SIZE_FOR(i, size) ((size_t)((((i) + 31) & ~31) * size))
static json_object *fabricate_object(json_object *parent, json_type type) {
json_object *o = malloc(sizeof(struct json_object));
@ -124,12 +124,12 @@ static json_object *add_object(json_pull *j, json_type type) {
if (c != NULL) {
if (c->type == JSON_ARRAY) {
if (c->expect == JSON_ITEM) {
if (SIZE_FOR(c->length + 1) != SIZE_FOR(c->length)) {
if (SIZE_FOR(c->length + 1) < SIZE_FOR(c->length)) {
if (SIZE_FOR(c->length + 1, sizeof(json_object *)) != SIZE_FOR(c->length, sizeof(json_object *))) {
if (SIZE_FOR(c->length + 1, sizeof(json_object *)) < SIZE_FOR(c->length, sizeof(json_object *))) {
fprintf(stderr, "Array size overflow\n");
exit(EXIT_FAILURE);
}
c->array = realloc(c->array, SIZE_FOR(c->length + 1) * sizeof(json_object *));
c->array = realloc(c->array, SIZE_FOR(c->length + 1, sizeof(json_object *)));
if (c->array == NULL) {
perror("Out of memory");
exit(EXIT_FAILURE);
@ -154,13 +154,13 @@ static json_object *add_object(json_pull *j, json_type type) {
return NULL;
}
if (SIZE_FOR(c->length + 1) != SIZE_FOR(c->length)) {
if (SIZE_FOR(c->length + 1) < SIZE_FOR(c->length)) {
if (SIZE_FOR(c->length + 1, sizeof(json_object *)) != SIZE_FOR(c->length, sizeof(json_object *))) {
if (SIZE_FOR(c->length + 1, sizeof(json_object *)) < SIZE_FOR(c->length, sizeof(json_object *))) {
fprintf(stderr, "Hash size overflow\n");
exit(EXIT_FAILURE);
}
c->keys = realloc(c->keys, SIZE_FOR(c->length + 1) * sizeof(json_object *));
c->values = realloc(c->values, SIZE_FOR(c->length + 1) * sizeof(json_object *));
c->keys = realloc(c->keys, SIZE_FOR(c->length + 1, sizeof(json_object *)));
c->values = realloc(c->values, SIZE_FOR(c->length + 1, sizeof(json_object *)));
if (c->keys == NULL || c->values == NULL) {
perror("Out of memory");
exit(EXIT_FAILURE);
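Review bot: The overflow guard in both the array and hash branches of add_object still detects wraparound only after the fact (`SIZE_FOR(c->length + 1, ...) < SIZE_FOR(c->length, ...)`), and in the new SIZE_FOR the `(i) + 31` addition is done in the type of `c->length`, with the `(size_t)` cast applied only to the finished product. The declaration of `length` is not on this page; if it is a signed or 32-bit type, that addition can overflow (undefined behaviour when signed) before the multiplication runs, so the comparison would not reliably protect the realloc sizes, which are driven by element counts from the parsed input. Casting first and parenthesising the new parameter, `#define SIZE_FOR(i, size) ((((size_t)(i) + 31) & ~(size_t)31) * (size))`, together with an explicit bound before growing such as `if (c->length >= SIZE_MAX / sizeof(json_object *) - 32)`, would make the check independent of wraparound behaviour. add_object's body starts and ends outside the hunks shown.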