Tcl Source Code

Artifact [84e7ce2f48]

Artifact 84e7ce2f48071a20c46c803752c88f7c948bae41:

Attachment "2557796.patch" to ticket [2557796fff] added by dgp 2009-02-03 03:18:11.
Index: generic/tclThreadAlloc.c
===================================================================
RCS file: /cvsroot/tcl/tcl/generic/tclThreadAlloc.c,v
retrieving revision 1.29
diff -u -r1.29 tclThreadAlloc.c
--- generic/tclThreadAlloc.c	9 Jan 2009 11:21:46 -0000	1.29
+++ generic/tclThreadAlloc.c	2 Feb 2009 20:16:54 -0000
@@ -292,11 +292,23 @@
 TclpAlloc(
     unsigned int reqSize)
 {
-    Cache *cachePtr = TclpGetAllocCache();
+    Cache *cachePtr;
     Block *blockPtr;
     register int bucket;
     size_t size;
 
+    if (sizeof(int) >= sizeof(size_t)) {
+	/* An unsigned int overflow can also be a size_t overflow */
+	size_t zero = 0;
+	size_t max = ~zero;
+
+	if (((size_t) reqSize) > max - sizeof(Block) - RCHECK) {
+	    /* Requested allocation exceeds memory */
+	    return NULL;
+	}
+    }
+
+    cachePtr = TclpGetAllocCache();
     if (cachePtr == NULL) {
 	cachePtr = GetCache();
     }