Blob Blame History Raw
From 49923ccb2143e36850bcdeb781e2bcdf5ce22f15 Mon Sep 17 00:00:00 2001
From: John Hawthorn <john@hawthorn.email>
Date: Wed, 2 Mar 2022 14:17:59 -0800
Subject: [PATCH] Check need < buf->used

We're guaranteed a power of 2 so that this becomes 0, but we might as
well use a check for overflow that works in more cases.

Unsigned integer overflow is defined behaviour, so this should be safe.

(cherry picked from commit 36410d536b676e836637bb20574a56ebc920eb83)
---
 src/yajl_buf.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/yajl_buf.c b/src/yajl_buf.c
index 1aeafde0..8bd1bea7 100644
--- a/src/yajl_buf.c
+++ b/src/yajl_buf.c
@@ -30,7 +30,7 @@ struct yajl_buf_t {
 };
 
 static
-void yajl_buf_ensure_available(yajl_buf buf, size_t want)
+int yajl_buf_ensure_available(yajl_buf buf, size_t want)
 {
     size_t need;
     
@@ -46,11 +46,15 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
     need = buf->len;
 
     while (want >= (need - buf->used)) need <<= 1;
+    if (need < buf->used) {
+         return -1;
+    }
 
     if (need != buf->len) {
         buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
         buf->len = need;
     }
+    return 0;
 }
 
 yajl_buf yajl_buf_alloc(yajl_alloc_funcs * alloc)
@@ -70,7 +74,8 @@ void yajl_buf_free(yajl_buf buf)
 
 void yajl_buf_append(yajl_buf buf, const void * data, size_t len)
 {
-    yajl_buf_ensure_available(buf, len);
+    if (yajl_buf_ensure_available(buf, len))
+        return;
     if (len > 0) {
         assert(data != NULL);
         memcpy(buf->data + buf->used, data, len);